Diffstat (limited to 'distro')
151 files changed, 6274 insertions, 0 deletions
diff --git a/distro/Makefile.am b/distro/Makefile.am
new file mode 100644
index 0000000..7e55ad7
--- /dev/null
+++ b/distro/Makefile.am
@@ -0,0 +1,5 @@
+EXTRA_DIST = \
+ common \
+ config \
+ pkg \
+ tests
diff --git a/distro/Makefile.in b/distro/Makefile.in
new file mode 100644
index 0000000..c19943d
--- /dev/null
+++ b/distro/Makefile.in
@@ -0,0 +1,530 @@ +# Makefile.in generated by automake 1.16.5 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2021 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes 
+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = distro +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_compile_flag.m4 \ + $(top_srcdir)/m4/ax_check_link_flag.m4 \ + $(top_srcdir)/m4/code-coverage.m4 \ + $(top_srcdir)/m4/knot-lib-version.m4 \ + $(top_srcdir)/m4/knot-module.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/sanitizer.m4 $(top_srcdir)/m4/visibility.m4 \ + $(top_srcdir)/m4/knot-version.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info 
--version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CFLAG_VISIBILITY = @CFLAG_VISIBILITY@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DNSTAP_CFLAGS = @DNSTAP_CFLAGS@ +DNSTAP_LIBS = @DNSTAP_LIBS@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +ETAGS = @ETAGS@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FILECMD = @FILECMD@ +GENHTML = @GENHTML@ +GREP = @GREP@ +HAVE_VISIBILITY = @HAVE_VISIBILITY@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +KNOT_VERSION_MAJOR = @KNOT_VERSION_MAJOR@ +KNOT_VERSION_MINOR = @KNOT_VERSION_MINOR@ +KNOT_VERSION_PATCH = @KNOT_VERSION_PATCH@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LDFLAG_EXCLUDE_LIBS = @LDFLAG_EXCLUDE_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_NO_UNDEFINED = @LT_NO_UNDEFINED@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ 
+PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PDFLATEX = @PDFLATEX@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PROTOC_C = @PROTOC_C@ +RANLIB = @RANLIB@ +RELEASE_DATE = @RELEASE_DATE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SPHINXBUILD = @SPHINXBUILD@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +cap_ng_CFLAGS = @cap_ng_CFLAGS@ +cap_ng_LIBS = @cap_ng_LIBS@ +conf_mapsize = @conf_mapsize@ +config_dir = @config_dir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dlopen_LIBS = @dlopen_LIBS@ +docdir = @docdir@ +dvidir = @dvidir@ +embedded_libngtcp2_CFLAGS = @embedded_libngtcp2_CFLAGS@ +embedded_libngtcp2_LIBS = @embedded_libngtcp2_LIBS@ +exec_prefix = @exec_prefix@ +fuzzer_CFLAGS = @fuzzer_CFLAGS@ +fuzzer_LDFLAGS = @fuzzer_LDFLAGS@ +gnutls_CFLAGS = @gnutls_CFLAGS@ +gnutls_LIBS = @gnutls_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libbpf_CFLAGS = @libbpf_CFLAGS@ +libbpf_LIBS = @libbpf_LIBS@ +libdir = @libdir@ +libdnssec_SONAME = @libdnssec_SONAME@ +libdnssec_SOVERSION = @libdnssec_SOVERSION@ +libdnssec_VERSION_INFO = @libdnssec_VERSION_INFO@ +libedit_CFLAGS = @libedit_CFLAGS@ +libedit_LIBS = @libedit_LIBS@ +libexecdir = @libexecdir@ +libfstrm_CFLAGS = @libfstrm_CFLAGS@ +libfstrm_LIBS = 
@libfstrm_LIBS@ +libidn2_CFLAGS = @libidn2_CFLAGS@ +libidn2_LIBS = @libidn2_LIBS@ +libidn_CFLAGS = @libidn_CFLAGS@ +libidn_LIBS = @libidn_LIBS@ +libknot_SONAME = @libknot_SONAME@ +libknot_SOVERSION = @libknot_SOVERSION@ +libknot_VERSION_INFO = @libknot_VERSION_INFO@ +libkqueue_CFLAGS = @libkqueue_CFLAGS@ +libkqueue_LIBS = @libkqueue_LIBS@ +libmaxminddb_CFLAGS = @libmaxminddb_CFLAGS@ +libmaxminddb_LIBS = @libmaxminddb_LIBS@ +libmnl_CFLAGS = @libmnl_CFLAGS@ +libmnl_LIBS = @libmnl_LIBS@ +libnghttp2_CFLAGS = @libnghttp2_CFLAGS@ +libnghttp2_LIBS = @libnghttp2_LIBS@ +libngtcp2_CFLAGS = @libngtcp2_CFLAGS@ +libngtcp2_LIBS = @libngtcp2_LIBS@ +libprotobuf_c_CFLAGS = @libprotobuf_c_CFLAGS@ +libprotobuf_c_LIBS = @libprotobuf_c_LIBS@ +liburcu_CFLAGS = @liburcu_CFLAGS@ +liburcu_LIBS = @liburcu_LIBS@ +liburcu_PKGCONFIG = @liburcu_PKGCONFIG@ +libxdp_CFLAGS = @libxdp_CFLAGS@ +libxdp_LIBS = @libxdp_LIBS@ +libzscanner_SONAME = @libzscanner_SONAME@ +libzscanner_SOVERSION = @libzscanner_SOVERSION@ +libzscanner_VERSION_INFO = @libzscanner_VERSION_INFO@ +lmdb_CFLAGS = @lmdb_CFLAGS@ +lmdb_LIBS = @lmdb_LIBS@ +localedir = @localedir@ +localstatedir = @localstatedir@ +malloc_LIBS = @malloc_LIBS@ +mandir = @mandir@ +math_LIBS = @math_LIBS@ +mkdir_p = @mkdir_p@ +module_dir = @module_dir@ +module_instdir = @module_instdir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgconfigdir = @pkgconfigdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pthread_LIBS = @pthread_LIBS@ +run_dir = @run_dir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +storage_dir = @storage_dir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +EXTRA_DIST = \ + common \ + config \ + pkg \ + tests + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: 
$(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign distro/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign distro/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo 
"/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + cscopelist-am ctags-am distclean distclean-generic \ + distclean-libtool distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/distro/common/cz.nic.knotd.conf b/distro/common/cz.nic.knotd.conf new file mode 100644 index 0000000..50af87a --- /dev/null +++ b/distro/common/cz.nic.knotd.conf 
@@ -0,0 +1,9 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="knot">
+ <allow own="cz.nic.knotd" />
+ </policy>
+ <policy context="default">
+ <allow receive_sender="cz.nic.knotd" />
+ </policy>
+</busconfig>
diff --git a/distro/common/knot.service b/distro/common/knot.service
new file mode 100644
index 0000000..e6c13ed
--- /dev/null
+++ b/distro/common/knot.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=Knot DNS server
+Wants=network-online.target
+After=network-online.target
+Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
+
+[Service]
+Type=notify
+User=knot
+Group=knot
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
+ExecStartPre=/usr/sbin/knotc conf-check
+ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-abort
+LimitNOFILE=1048576
+TimeoutStopSec=300
+# Extend the systemd startup timeout by this value (seconds) for each zone
+Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
+# Maximum size (MiB) of a configuration database
+Environment="KNOT_CONF_MAX_SIZE=512"
+
+# Expected systemd >= v239
+RuntimeDirectory=knot
+StateDirectory=knot
+NoNewPrivileges=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/common/system-local.conf b/distro/common/system-local.conf
new file mode 100644
index 0000000..8df0a2f
--- /dev/null
+++ b/distro/common/system-local.conf
@@ -0,0 +1,5 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <listen>unix:path=/rundir/dbus.sock</listen>
+</busconfig>
diff --git a/distro/config/apkg.toml b/distro/config/apkg.toml
new file mode 100644
index 0000000..0b9f0eb
--- /dev/null
+++ b/distro/config/apkg.toml
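Review bot: In distro/common/knot.service, `StateDirectory=knot` is given without a mode, so systemd creates /var/lib/knot with its default StateDirectoryMode of 0755, while distro/pkg/arch/knot.tmpfiles.arch in this same commit declares that directory as 0700. If the storage directory holds zone data and DNSSEC key material (not visible on this page, so confirm), it should not be world-readable; add `StateDirectoryMode=0700` after `StateDirectory=knot`. The unit already sets `NoNewPrivileges=yes` and a narrow capability bounding set, but it has no filesystem sandboxing such as `ProtectSystem=` or `PrivateTmp=`; that is worth a follow-up once the paths knotd must write to are confirmed.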
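Review bot: distro/common/system-local.conf carries no comment saying where it is meant to be used, yet its single `<listen>unix:path=/rundir/dbus.sock</listen>` element changes where a bus daemon listens. The `/rundir` path suggests a test or container setup rather than a host install, but nothing in the hunk says so. Add an XML comment after the DOCTYPE, for example `<!-- Test/container use only: relocates the bus socket to /rundir; do not install on a host -->`, adjusted to the real intent.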
@@ -0,0 +1,24 @@
+[project]
+name = "knot-dns"
+# needed for make-archive
+make_archive_script = "scripts/make-dev-archive.sh"
+
+[upstream]
+# needed for get-archive
+archive_url = "https://secure.nic.cz/files/knot-dns/knot-{{ version }}.tar.xz"
+signature_url = "https://secure.nic.cz/files/knot-dns/knot-{{ version }}.tar.xz.asc"
+
+[apkg]
+compat = 3
+
+[[distro.aliases]]
+name = "el-7"
+distro = ["centos == 7", "rhel == 7"]
+
+[[distro.aliases]]
+name = "deb-nolibxdp"
+distro = ["debian == 11", "ubuntu == 20.04", "ubuntu == 22.04"]
+
+[[distro.aliases]]
+name = "deb-noxdp"
+distro = ["debian == 10", "ubuntu == 18.04"]
diff --git a/distro/pkg/arch/PKGBUILD b/distro/pkg/arch/PKGBUILD
new file mode 100644
index 0000000..16f1259
--- /dev/null
+++ b/distro/pkg/arch/PKGBUILD
@@ -0,0 +1,66 @@
+# Maintainer: Tomas Krizek <tomas.krizek@nic.cz>
+# Maintainer: Bruno Pagani <archange@archlinux.org>
+# Contributor: Ondřej Surý <ondrej@sury.org>
+# Contributor: Julian Brost <julian@0x4a42.net>
+# Contributor: Oleander Reis <oleander@oleander.cc>
+# Contributor: Otto Sabart <seberm[at]gmail[dot]com>
+
+pkgname=knot
+pkgver={{ version }}
+pkgrel=1
+pkgdesc="High-performance authoritative-only DNS server"
+arch=('x86_64')
+url="https://www.knot-dns.cz/"
+license=('GPL3')
+depends=('fstrm'
+ 'gnutls'
+ 'libcap-ng'
+ 'libedit'
+ 'libidn2'
+ 'libmaxminddb'
+ 'liburcu'
+ 'lmdb'
+ 'protobuf-c'
+ 'systemd')
+backup=('etc/knot/knot.conf')
+source=("${pkgname}-${pkgver}.tar.xz")
+sha256sums=('SKIP')
+validpgpkeys=('742FA4E95829B6C5EAC6B85710BB7AF6FEBBD6AB') # Daniel Salzman <daniel.salzman@nic.cz>
+
+build() {
+ cd ${pkgname}-${pkgver}
+
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --sysconfdir=/etc \
+ --localstatedir=/var/lib \
+ --libexecdir=/usr/lib/knot \
+ --with-rundir=/run/knot \
+ --with-storage=/var/lib/knot \
+ --enable-recvmmsg \
+ --enable-dnstap \
+ --enable-systemd \
+ --enable-reuseport \
+ --disable-silent-rules \
+ --disable-static
+
+ make
+}
+
+check() {
+ cd ${pkgname}-${pkgver}
+ make check
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+
+ make DESTDIR="${pkgdir}" install
+
+ rm "${pkgdir}"/etc/knot/example.com.zone
+ mv "${pkgdir}"/etc/knot/{knot.sample.conf,knot.conf}
+
+ install -Dm644 distro/common/${pkgname}.service -t "${pkgdir}"/usr/lib/systemd/system/
+ install -Dm644 distro/pkg/arch/${pkgname}.sysusers "${pkgdir}"/usr/lib/sysusers.d/${pkgname}.conf
+}
diff --git a/distro/pkg/arch/knot.sysusers b/distro/pkg/arch/knot.sysusers
new file mode 100644
index 0000000..735db76
--- /dev/null
+++ b/distro/pkg/arch/knot.sysusers
@@ -0,0 +1 @@
+u knot - "Knot DNS Daemon User"
diff --git a/distro/pkg/arch/knot.tmpfiles.arch b/distro/pkg/arch/knot.tmpfiles.arch
new file mode 100644
index 0000000..b20df6a
--- /dev/null
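Review bot: In distro/pkg/arch/PKGBUILD the source tarball is not verified at all: `sha256sums=('SKIP')` disables the checksum, and `validpgpkeys` has no effect because `source=()` lists no signature file. If this template is also used for release archives (apkg.toml in this commit defines a `signature_url` ending in `.tar.xz.asc`), add the signature to the array, `source=("${pkgname}-${pkgver}.tar.xz" "${pkgname}-${pkgver}.tar.xz.asc")` with `sha256sums=('SKIP' 'SKIP')`, so makepkg checks the archive against the listed key. If it is only ever built from a locally generated dev archive, drop `validpgpkeys` or add a comment saying why verification is skipped, so the key line does not suggest a check that never runs.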
+++ b/distro/pkg/arch/knot.tmpfiles.arch
@@ -0,0 +1,2 @@
+d /run/knot 0755 knot knot - -
+d /var/lib/knot 0700 knot knot - -
diff --git a/distro/pkg/deb-nolibxdp/changelog b/distro/pkg/deb-nolibxdp/changelog
new file mode 100644
index 0000000..123f92b
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/changelog
@@ -0,0 +1,6 @@
+knot ({{ version }}-cznic.{{ release }}) unstable; urgency=medium
+
+ * upstream package
+ * see https://www.knot-dns.cz
+
+ -- Knot DNS <knot-dns@labs.nic.cz> {{ now }}
diff --git a/distro/pkg/deb-nolibxdp/clean b/distro/pkg/deb-nolibxdp/clean
new file mode 100644
index 0000000..b2a9f3f
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/clean
@@ -0,0 +1,2 @@
+doc/modules
+.pybuild/
diff --git a/distro/pkg/deb-nolibxdp/compat b/distro/pkg/deb-nolibxdp/compat
new file mode 100644
index 0000000..b4de394
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/compat
@@ -0,0 +1 @@
+11
diff --git a/distro/pkg/deb-nolibxdp/control b/distro/pkg/deb-nolibxdp/control
new file mode 100644
index 0000000..7db1fb2
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/control
@@ -0,0 +1,283 @@
+Source: knot
+Section: net
+Priority: optional
+Maintainer: Knot DNS <knot-dns@labs.nic.cz>
+Uploaders:
+ Jakub Ružička <jakub.ruzicka@nic.cz>,
+ Daniel Salzman <daniel.salzman@nic.cz>,
+Build-Depends-Indep:
+ python3-setuptools,
+ python3-sphinx,
+Build-Depends:
+ autoconf,
+ automake,
+ debhelper (>= 11),
+ dh-python,
+ libbpf-dev,
+ libcap-ng-dev,
+ libedit-dev,
+ libfstrm-dev,
+ libgnutls28-dev,
+ libidn2-dev,
+ liblmdb-dev,
+ libmaxminddb-dev,
+ libmnl-dev,
+ libnghttp2-dev,
+ libprotobuf-c-dev,
+ libsofthsm2 <!nocheck>,
+ libsystemd-dev [linux-any] | libsystemd-daemon-dev [linux-any],
+ libsystemd-dev [linux-any] | libsystemd-journal-dev [linux-any],
+ libtool,
+ liburcu-dev,
+ pkg-config,
+ protobuf-c-compiler,
+ python3-all,
+Standards-Version: 4.5.0
+Homepage: https://www.knot-dns.cz/
+Vcs-Browser: https://gitlab.nic.cz/knot/knot-dns
+Vcs-Git: https://gitlab.nic.cz/knot/knot-dns.git
+Rules-Requires-Root: no
+
+Package: knot
+Architecture: any
+Depends:
+ adduser,
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Pre-Depends:
+ ${misc:Pre-Depends},
+Suggests:
+ systemd,
+Description: Authoritative domain name server
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+
+Package: libknot14
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNS shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides a DNS shared library used by Knot DNS and
+ Knot Resolver.
+
+Package: libzscanner4
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNS zone-parsing shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides a fast zone parser shared library used by Knot
+ DNS and Knot Resolver.
+
+Package: libdnssec9
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNSSEC shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides common DNSSEC shared library used by Knot DNS
+ and Knot Resolver.
+
+Package: libknot-dev
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libgnutls28-dev,
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libdevel
+Description: Knot DNS shared library development files
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides development files for shared libraries from Knot DNS.
+
+Package: knot-dnsutils
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: DNS clients provided with Knot DNS (kdig, knsupdate)
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package delivers various DNS client programs from Knot DNS.
+ .
+ - kdig - query a DNS server in various ways
+ - knsupdate - perform dynamic updates (See RFC2136)
+ - kxdpgun - send a DNS query stream over UDP to a DNS server
+ .
+ Those clients were designed to be almost 1:1 compatible with BIND dnsutils,
+ but they provide some enhancements, which are documented.
+ .
+ WARNING: knslookup is not provided as it is considered obsolete.
+
+Package: knot-dnssecutils
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: DNSSEC tools provided with Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package delivers various DNSSEC tools from Knot DNS.
+ .
+ - kzonecheck
+ - kzonesign
+ - knsec3hash
+
+Package: knot-host
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Version of 'host' bundled with Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides the 'host' program from Knot DNS. This program is
+ designed to be almost 1:1 compatible with BIND 9.x 'host' program.
+
+Package: knot-module-dnstap
+Architecture: any
+Depends:
+ knot (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: dnstap module for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package contains dnstap module for logging DNS traffic.
+
+Package: knot-module-geoip
+Architecture: any
+Depends:
+ knot (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: geoip module for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package contains geoip module for geography-based responses.
+
+Package: knot-doc
+Architecture: all
+Multi-Arch: foreign
+Depends:
+ libjs-jquery,
+ libjs-sphinxdoc,
+ libjs-underscore,
+ ${misc:Depends},
+Section: doc
+Description: Documentation for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides various documents that are useful for
+ maintaining a working Knot DNS installation.
+
+Package: knot-exporter
+Architecture: all
+Depends:
+ ${misc:Depends},
+ ${python3:Depends},
+Section: python
+Description: Prometheus exporter for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides Python Prometheus exporter for Knot DNS.
+
+Package: python3-libknot
+Architecture: all
+Depends:
+ ${misc:Depends},
+ ${python3:Depends},
+Section: python
+Description: Python bindings for libknot
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides Python bindings for the libknot shared library.
diff --git a/distro/pkg/deb-nolibxdp/copyright b/distro/pkg/deb-nolibxdp/copyright
new file mode 100644
index 0000000..20c8b97
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/copyright
@@ -0,0 +1,179 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: Knot DNS +Upstream-Contact: knot-dns@labs.nic.cz +Source: https://secure.nic.cz/files/knot-dns/ + +Files: * +Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: m4/* +Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 1996-2001, 2003-2015 Free Software Foundation, Inc. +License: GPL-3+ + +Files: install-sh +Copyright: 1994 X Consortium +License: MIT + +Files: debian/* distro/pkg/deb/* +Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2011 Ondřej Surý <ondrej@debian.org> +License: GPL-3+ + +Files: tests/tap/* +Copyright: 2000-2001, 2004, 2006-2012 Russ Allbery <rra@stanford.edu> + 2006, 2007, 2008, 2013 The Board of Trustees of the Leland Stanford Junior University +License: MIT + +Files: tests/tap/files.* +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/dnstap/* +Copyright: 2014, Farsight Security, Inc. <software@farsightsecurity.com> + 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/libngtcp2/* +Copyright: 2016-2023 ngtcp2 contributors + 2012-2017 nghttp2 contributors +License: MIT + +Files: src/contrib/musl/* +Copyright: 2005-2020 Rich Felker, et al. +License: MIT + +Files: src/contrib/openbsd/siphash.* +Copyright: 2013 Andre Oppermann <andre@FreeBSD.org> +License: BSD-3-Clause + +Files: src/contrib/openbsd/strl* +Copyright: 1998 Todd C. Miller <Todd.Miller@courtesan.com> +License: 0BSD + +Files: src/contrib/proxyv2/* +Copyright: 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2021 Fastly, Inc. +License: GPL-3+ + +Files: src/contrib/qp-trie/* +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2018 Tony Finch <dot@dotat.at> +License: GPL-3+ + +Files: src/contrib/ucw/* +Copyright: 2011-2022 CZ.NIC, z.s.p.o. 
<knot-dns@labs.nic.cz> + 1997-2017 Martin Mares <mj@ucw.cz> + 2007 Pavel Charvat <pchar@ucw.cz> + 2012 Ondrej Filip <feela@network.cz> +License: LGPL-2.0 + +Files: src/contrib/ucw/heap.h +Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/url-parser/* +Copyright: 2020 Igor Sysoev + 2020 Nginx, Inc. + 2020 Joyent, Inc. +License: MIT + +Files: src/contrib/vpool/* +Copyright: 2006, 2008 Alexey Vatchenko <av@bsdua.org> +License: 0BSD + +Files: tests-fuzz/main.c +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2017 Tim Ruehsen +License: MIT + +License: GPL-3+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + . + On Debian systems, the full text of the GNU General Public License + version 3 can be found in the file `/usr/share/common-licenses/GPL-3'. + +License: LGPL-2.0 + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + . + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + . 
+ You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, + Boston, MA 02110-1301, USA. + +License: 0BSD + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +License: BSD-3-Clause + Redistribution and use in source and binary forms, with or without modification, + are permitted provided that the following conditions are met: + 1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + 3. Neither the name of the copyright holder nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
+ IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + +License: MIT + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + . + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. diff --git a/distro/pkg/deb-nolibxdp/cz.nic.knotd.conf b/distro/pkg/deb-nolibxdp/cz.nic.knotd.conf new file mode 100644 index 0000000..50af87a --- /dev/null +++ b/distro/pkg/deb-nolibxdp/cz.nic.knotd.conf 
@@ -0,0 +1,9 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="knot">
+ <allow own="cz.nic.knotd" />
+ </policy>
+ <policy context="default">
+ <allow receive_sender="cz.nic.knotd" />
+ </policy>
+</busconfig>
diff --git a/distro/pkg/deb-nolibxdp/docs b/distro/pkg/deb-nolibxdp/docs
new file mode 100644
index 0000000..b43bf86
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/docs
@@ -0,0 +1 @@
+README.md
diff --git a/distro/pkg/deb-nolibxdp/knot-dnssecutils.install b/distro/pkg/deb-nolibxdp/knot-dnssecutils.install
new file mode 100644
index 0000000..20009e8
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-dnssecutils.install
@@ -0,0 +1,3 @@
+usr/bin/knsec3hash
+usr/bin/kzonecheck
+usr/bin/kzonesign
diff --git a/distro/pkg/deb-nolibxdp/knot-dnssecutils.manpages b/distro/pkg/deb-nolibxdp/knot-dnssecutils.manpages
new file mode 100644
index 0000000..913c4cb
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-dnssecutils.manpages
@@ -0,0 +1,3 @@
+usr/share/man/man1/knsec3hash.1
+usr/share/man/man1/kzonecheck.1
+usr/share/man/man1/kzonesign.1
diff --git a/distro/pkg/deb-nolibxdp/knot-dnsutils.install b/distro/pkg/deb-nolibxdp/knot-dnsutils.install
new file mode 100644
index 0000000..e2f2a8a
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-dnsutils.install
@@ -0,0 +1,3 @@
+usr/bin/kdig
+usr/bin/knsupdate
+usr/sbin/kxdpgun
diff --git a/distro/pkg/deb-nolibxdp/knot-dnsutils.manpages b/distro/pkg/deb-nolibxdp/knot-dnsutils.manpages
new file mode 100644
index 0000000..67254d9
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-dnsutils.manpages
@@ -0,0 +1,3 @@
+usr/share/man/man1/kdig.1
+usr/share/man/man1/knsupdate.1
+usr/share/man/man8/kxdpgun.8
diff --git a/distro/pkg/deb-nolibxdp/knot-doc.install b/distro/pkg/deb-nolibxdp/knot-doc.install
new file mode 100644
index 0000000..c2a345d
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-doc.install
@@ -0,0 +1 @@
+usr/share/doc/knot/* /usr/share/doc/knot-doc/
diff --git a/distro/pkg/deb-nolibxdp/knot-doc.links b/distro/pkg/deb-nolibxdp/knot-doc.links
new file mode 100644
index 0000000..1376b3a
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-doc.links
@@ -0,0 +1,5 @@
+usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-doc/_static/jquery.js
+usr/share/javascript/sphinxdoc/1.0/doctools.js usr/share/doc/knot-doc/_static/doctools.js
+usr/share/javascript/sphinxdoc/1.0/language_data.js usr/share/doc/knot-doc/_static/language_data.js
+usr/share/javascript/sphinxdoc/1.0/searchtools.js usr/share/doc/knot-doc/_static/searchtools.js
+usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-doc/_static/underscore.js
diff --git a/distro/pkg/deb-nolibxdp/knot-exporter.install b/distro/pkg/deb-nolibxdp/knot-exporter.install
new file mode 100644
index 0000000..4c2d5ed
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-exporter.install
@@ -0,0 +1,3 @@
+usr/lib/python3*/dist-packages/knot_exporter-*.egg-info
+usr/lib/python3*/dist-packages/knot_exporter/*.py
+usr/bin/knot-exporter /usr/sbin/knot-exporter
diff --git a/distro/pkg/deb-nolibxdp/knot-host.install b/distro/pkg/deb-nolibxdp/knot-host.install
new file mode 100644
index 0000000..51bacf0
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-host.install
@@ -0,0 +1 @@
+usr/bin/khost
diff --git a/distro/pkg/deb-nolibxdp/knot-host.manpages b/distro/pkg/deb-nolibxdp/knot-host.manpages
new file mode 100644
index 0000000..4891e2c
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-host.manpages
@@ -0,0 +1 @@
+usr/share/man/man1/khost.1
diff --git a/distro/pkg/deb-nolibxdp/knot-module-dnstap.install b/distro/pkg/deb-nolibxdp/knot-module-dnstap.install
new file mode 100644
index 0000000..983455e
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-module-dnstap.install
@@ -0,0 +1 @@
+usr/lib/*/knot/modules-*/dnstap.so
diff --git a/distro/pkg/deb-nolibxdp/knot-module-geoip.install b/distro/pkg/deb-nolibxdp/knot-module-geoip.install
new file mode 100644
index 0000000..16d87c3
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-module-geoip.install
@@ -0,0 +1 @@
+usr/lib/*/knot/modules-*/geoip.so
diff --git a/distro/pkg/deb-nolibxdp/knot.dirs b/distro/pkg/deb-nolibxdp/knot.dirs
new file mode 100644
index 0000000..6e937aa
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot.dirs
@@ -0,0 +1 @@
+var/lib/knot
diff --git a/distro/pkg/deb-nolibxdp/knot.init b/distro/pkg/deb-nolibxdp/knot.init
new file mode 100644
index 0000000..3f8fcae
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot.init
@@ -0,0 +1,149 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: knot
+# Required-Start: $network $local_fs $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: authoritative domain name server
+# Description: Knot DNS is a authoritative-only domain name server
+### END INIT INFO
+
+# Author: Ondřej Surý <ondrej@debian.org>
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Knot DNS server" # Introduce a short description here
+NAME=knotd # Introduce the short server's name here
+DAEMON=/usr/sbin/$NAME # Introduce the server's location here
+PIDFILE=/run/knot/knot.pid
+SCRIPTNAME=/etc/init.d/knot
+KNOTC=/usr/sbin/knotc
+RUNDIR=/run/knot
+
+# Exit if the package is not installed
+[ -x $DAEMON ] || exit 0
+
+KNOTD_ARGS=""
+
+# Read configuration variable file if it is present
+[ -r /etc/default/knot ] && . /etc/default/knot
+
+DAEMON_ARGS="-d $KNOTD_ARGS"
+
+# Define LSB log_* functions.
+# Depend on sysvinit-utils (>= 2.96) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+
+ $KNOTC status >/dev/null 2>/dev/null \
+ && return 1
+
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+
+ $KNOTC status >/dev/null 2>/dev/null \
+ || return 1
+
+ $KNOTC stop >/dev/null
+ RETVAL="$?"
+ [ $? = 1 ] && return 2
+
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return 0
+}
+
+do_reload() {
+ $KNOTC reload >/dev/null
+ return $?
+}
+
+do_mkrundir() {
+ mkdir -p $RUNDIR
+ chmod 0755 $RUNDIR
+ chown knot:knot $RUNDIR
+}
+
+case "$1" in
+ start)
+ do_mkrundir
+ log_daemon_msg "Starting $DESC " "$NAME"
+ do_start
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ STATUS=$($KNOTC status 2>&1 >/dev/null)
+ RETVAL=$?
+ if [ $RETVAL = 0 ]; then
+ log_success_msg "$NAME is running"
+ else
+ log_failure_msg "$NAME is not running ($STATUS)"
+ fi
+ exit $RETVAL
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/distro/pkg/deb-nolibxdp/knot.install b/distro/pkg/deb-nolibxdp/knot.install
new file mode 100644
index 0000000..5c716fc
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot.install
@@ -0,0 +1,8 @@
+debian/cz.nic.knotd.conf usr/share/dbus-1/system.d/
+debian/ufw/knot etc/ufw/applications.d/
+etc/knot/knot.conf
+usr/sbin/kcatalogprint
+usr/sbin/keymgr
+usr/sbin/kjournalprint
+usr/sbin/knotc
+usr/sbin/knotd
diff --git a/distro/pkg/deb-nolibxdp/knot.manpages b/distro/pkg/deb-nolibxdp/knot.manpages
new file mode 100644
index 0000000..5d23e9f
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot.manpages
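Review bot: In `do_stop` of knot.init, the test `[ $? = 1 ] && return 2` runs after `RETVAL="$?"`, so `$?` there is the status of the assignment (always 0) and a failing `knotc stop` is never reported; the function goes on to remove the pidfile and returns 0. Test the saved value instead, for example `[ "$RETVAL" != 0 ] && return 2`. Separately, `$DAEMON`, `$PIDFILE` and `$RUNDIR` are expanded unquoted throughout, and `/etc/default/knot` is sourced by this root-run script, so a comment stating that the file must stay root-owned and not writable by the `knot` user would be worth adding next to the `. /etc/default/knot` line.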
@@ -0,0 +1,6 @@
+usr/share/man/man5/knot.conf.5
+usr/share/man/man8/kcatalogprint.8
+usr/share/man/man8/keymgr.8
+usr/share/man/man8/kjournalprint.8
+usr/share/man/man8/knotc.8
+usr/share/man/man8/knotd.8
diff --git a/distro/pkg/deb-nolibxdp/knot.postinst b/distro/pkg/deb-nolibxdp/knot.postinst
new file mode 100644
index 0000000..da747c8
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot.postinst
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = "configure" ]; then
+ if ! getent passwd knot > /dev/null; then
+ adduser --quiet --system --group --no-create-home --home /var/lib/knot knot
+ fi
+
+ dpkg-statoverride --list /var/lib/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0770 /var/lib/knot
+ dpkg-statoverride --list /etc/knot/knot.conf >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0640 /etc/knot/knot.conf
+ dpkg-statoverride --list /etc/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0750 /etc/knot
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/distro/pkg/deb-nolibxdp/knot.postrm b/distro/pkg/deb-nolibxdp/knot.postrm
new file mode 100644
index 0000000..14b3d69
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot.postrm
@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+if test "$1" = "purge"; then
+ state_dir=/var/lib/knot
+ for db_name in "catalog" "confdb" "journal" "keys" "timers"; do
+ rm -rf $state_dir/$db_name >/dev/null 2>&1 || true
+ done
+ rmdir $state_dir >/dev/null 2>&1 || true
+ [ -e $state_dir/* ] && echo "Notice: there are still data in ${state_dir}, please check."
+
+ dpkg-statoverride --remove /var/lib/knot >/dev/null 2>&1 || true
+ dpkg-statoverride --remove /etc/knot/knot.conf >/dev/null 2>&1 || true
+ dpkg-statoverride --remove /etc/knot >/dev/null 2>&1 || true
+
+ deluser --quiet knot >/dev/null 2>&1 || true
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/distro/pkg/deb-nolibxdp/knot.service b/distro/pkg/deb-nolibxdp/knot.service
new file mode 100644
index 0000000..e6c13ed
--- /dev/null
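Review bot: In knot.postrm, `deluser --quiet knot` removes the system account on purge even though the script itself allows for data remaining under `/var/lib/knot`; leftover files keep their numeric UID/GID, which an account created later can inherit. Consider keeping the account, or removing it only once the state directory is confirmed gone. The notice test `[ -e $state_dir/* ]` also misfires when the glob matches more than one entry, because `[` then receives too many arguments and the message is skipped (the error goes to stderr and the `&&` list simply fails). A form such as `[ -n "$(ls -A "$state_dir" 2>/dev/null)" ] && echo ...` covers zero, one and many entries.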
+++ b/distro/pkg/deb-nolibxdp/knot.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=Knot DNS server
+Wants=network-online.target
+After=network-online.target
+Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
+
+[Service]
+Type=notify
+User=knot
+Group=knot
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
+ExecStartPre=/usr/sbin/knotc conf-check
+ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-abort
+LimitNOFILE=1048576
+TimeoutStopSec=300
+# Extend the systemd startup timeout by this value (seconds) for each zone
+Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
+# Maximum size (MiB) of a configuration database
+Environment="KNOT_CONF_MAX_SIZE=512"
+
+# Expected systemd >= v239
+RuntimeDirectory=knot
+StateDirectory=knot
+NoNewPrivileges=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/pkg/deb-nolibxdp/libdnssec9.install b/distro/pkg/deb-nolibxdp/libdnssec9.install
new file mode 100644
index 0000000..17a9fe6
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/libdnssec9.install
@@ -0,0 +1 @@
+usr/lib/*/libdnssec.so.*
diff --git a/distro/pkg/deb-nolibxdp/libdnssec9.symbols b/distro/pkg/deb-nolibxdp/libdnssec9.symbols
new file mode 100644
index 0000000..c3ab2ed
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/libdnssec9.symbols
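Review bot: The `[Service]` section of knot.service confines the daemon only through `User=`/`Group=`, the two capability sets and `NoNewPrivileges=yes`; there is no filesystem or namespace restriction for a process that parses network input. Directives such as `ProtectSystem=`, `ProtectHome=` and `PrivateTmp=` would narrow what a compromised knotd can reach, provided any zone or key storage outside `/var/lib/knot` is listed in `ReadWritePaths=`. That depends on site configuration and needs testing before it ships. A one-line comment explaining why `CAP_SETPCAP` appears in both `CapabilityBoundingSet=` and `AmbientCapabilities=` would also help, since the reason is not visible in this file.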
@@ -0,0 +1,96 @@ +libdnssec.so.9 libdnssec9 #MINVER# +* Build-Depends-Package: libknot-dev + dnssec_algorithm_digest_support@Base 3.2.0 + dnssec_algorithm_key_size_check@Base 3.2.0 + dnssec_algorithm_key_size_default@Base 3.2.0 + dnssec_algorithm_key_size_range@Base 3.2.0 + dnssec_algorithm_key_support@Base 3.2.0 + dnssec_algorithm_reproducible@Base 3.2.0 + dnssec_binary_alloc@Base 3.2.0 + dnssec_binary_cmp@Base 3.2.0 + dnssec_binary_dup@Base 3.2.0 + dnssec_binary_free@Base 3.2.0 + dnssec_binary_from_base64@Base 3.2.0 + dnssec_binary_resize@Base 3.2.0 + dnssec_binary_to_base64@Base 3.2.0 + dnssec_crypto_cleanup@Base 3.2.0 + dnssec_crypto_init@Base 3.2.0 + dnssec_crypto_reinit@Base 3.2.0 + dnssec_digest@Base 3.2.0 + dnssec_digest_finish@Base 3.2.0 + dnssec_digest_init@Base 3.2.0 + dnssec_key_can_sign@Base 3.2.0 + dnssec_key_can_verify@Base 3.2.0 + dnssec_key_clear@Base 3.2.0 + dnssec_key_create_ds@Base 3.2.0 + dnssec_key_dup@Base 3.2.0 + dnssec_key_free@Base 3.2.0 + dnssec_key_get_algorithm@Base 3.2.0 + dnssec_key_get_dname@Base 3.2.0 + dnssec_key_get_flags@Base 3.2.0 + dnssec_key_get_keyid@Base 3.2.0 + dnssec_key_get_keytag@Base 3.2.0 + dnssec_key_get_protocol@Base 3.2.0 + dnssec_key_get_pubkey@Base 3.2.0 + dnssec_key_get_rdata@Base 3.2.0 + dnssec_key_get_size@Base 3.2.0 + dnssec_key_load_pkcs8@Base 3.2.0 + dnssec_key_new@Base 3.2.0 + dnssec_key_set_algorithm@Base 3.2.0 + dnssec_key_set_dname@Base 3.2.0 + dnssec_key_set_flags@Base 3.2.0 + dnssec_key_set_protocol@Base 3.2.0 + dnssec_key_set_pubkey@Base 3.2.0 + dnssec_key_set_rdata@Base 3.2.0 + dnssec_keyid_copy@Base 3.2.0 + dnssec_keyid_equal@Base 3.2.0 + dnssec_keyid_is_valid@Base 3.2.0 + dnssec_keyid_normalize@Base 3.2.0 + dnssec_keystore_close@Base 3.2.0 + dnssec_keystore_deinit@Base 3.2.0 + dnssec_keystore_generate@Base 3.2.0 + dnssec_keystore_get_private@Base 3.2.0 + dnssec_keystore_import@Base 3.2.0 + dnssec_keystore_init@Base 3.2.0 + dnssec_keystore_init_pkcs11@Base 3.2.0 + dnssec_keystore_init_pkcs8@Base 
3.2.0 + dnssec_keystore_open@Base 3.2.0 + dnssec_keystore_remove@Base 3.2.0 + dnssec_keystore_set_private@Base 3.2.0 + dnssec_keytag@Base 3.2.0 + dnssec_nsec3_hash@Base 3.2.0 + dnssec_nsec3_hash_length@Base 3.2.0 + dnssec_nsec3_params_free@Base 3.2.0 + dnssec_nsec3_params_from_rdata@Base 3.2.0 + dnssec_nsec3_params_match@Base 3.2.0 + dnssec_nsec_bitmap_add@Base 3.2.0 + dnssec_nsec_bitmap_clear@Base 3.2.0 + dnssec_nsec_bitmap_contains@Base 3.2.0 + dnssec_nsec_bitmap_free@Base 3.2.0 + dnssec_nsec_bitmap_new@Base 3.2.0 + dnssec_nsec_bitmap_size@Base 3.2.0 + dnssec_nsec_bitmap_write@Base 3.2.0 + dnssec_pem_from_privkey@Base 3.2.0 + dnssec_pem_from_x509@Base 3.2.0 + dnssec_pem_to_privkey@Base 3.2.0 + dnssec_pem_to_x509@Base 3.2.0 + dnssec_random_binary@Base 3.2.0 + dnssec_random_buffer@Base 3.2.0 + dnssec_sign_add@Base 3.2.0 + dnssec_sign_free@Base 3.2.0 + dnssec_sign_init@Base 3.2.0 + dnssec_sign_new@Base 3.2.0 + dnssec_sign_verify@Base 3.2.0 + dnssec_sign_write@Base 3.2.0 + dnssec_strerror@Base 3.2.0 + dnssec_tsig_add@Base 3.2.0 + dnssec_tsig_algorithm_from_dname@Base 3.2.0 + dnssec_tsig_algorithm_from_name@Base 3.2.0 + dnssec_tsig_algorithm_size@Base 3.2.0 + dnssec_tsig_algorithm_to_dname@Base 3.2.0 + dnssec_tsig_algorithm_to_name@Base 3.2.0 + dnssec_tsig_free@Base 3.2.0 + dnssec_tsig_new@Base 3.2.0 + dnssec_tsig_optimal_key_size@Base 3.2.0 + dnssec_tsig_size@Base 3.2.0 + dnssec_tsig_write@Base 3.2.0 diff --git a/distro/pkg/deb-nolibxdp/libknot-dev.install b/distro/pkg/deb-nolibxdp/libknot-dev.install new file mode 100644 index 0000000..cb60d88 --- /dev/null +++ b/distro/pkg/deb-nolibxdp/libknot-dev.install @@ -0,0 +1,3 @@ +usr/include/ +usr/lib/*/*.so +usr/lib/*/pkgconfig/* diff --git a/distro/pkg/deb-nolibxdp/libknot14.install b/distro/pkg/deb-nolibxdp/libknot14.install new file mode 100644 index 0000000..f9b9f93 --- /dev/null +++ b/distro/pkg/deb-nolibxdp/libknot14.install @@ -0,0 +1 @@ +usr/lib/*/libknot.so.* 
diff --git a/distro/pkg/deb-nolibxdp/libknot14.symbols b/distro/pkg/deb-nolibxdp/libknot14.symbols new file mode 100644 index 0000000..b6e7caf --- /dev/null +++ b/distro/pkg/deb-nolibxdp/libknot14.symbols 
@@ -0,0 +1,276 @@ +libknot.so.14 libknot14 #MINVER# +* Build-Depends-Package: libknot-dev + KNOT_DB_LMDB_DUPSORT@Base 3.3.0 + KNOT_DB_LMDB_INTEGERKEY@Base 3.3.0 + KNOT_DB_LMDB_MAPASYNC@Base 3.3.0 + KNOT_DB_LMDB_NOSYNC@Base 3.3.0 + KNOT_DB_LMDB_NOTLS@Base 3.3.0 + KNOT_DB_LMDB_RDONLY@Base 3.3.0 + KNOT_DB_LMDB_WRITEMAP@Base 3.3.0 + KNOT_DUMP_STYLE_DEFAULT@Base 3.3.0 + knot_ctl_accept@Base 3.3.0 + knot_ctl_alloc@Base 3.3.0 + knot_ctl_bind@Base 3.3.0 + knot_ctl_close@Base 3.3.0 + knot_ctl_connect@Base 3.3.0 + knot_ctl_free@Base 3.3.0 + knot_ctl_receive@Base 3.3.0 + knot_ctl_send@Base 3.3.0 + knot_ctl_set_timeout@Base 3.3.0 + knot_ctl_unbind@Base 3.3.0 + knot_db_lmdb_api@Base 3.3.0 + knot_db_lmdb_del_exact@Base 3.3.0 + knot_db_lmdb_get_mapsize@Base 3.3.0 + knot_db_lmdb_get_path@Base 3.3.0 + knot_db_lmdb_get_usage@Base 3.3.0 + knot_db_lmdb_iter_del@Base 3.3.0 + knot_db_lmdb_txn_begin@Base 3.3.0 + knot_db_trie_api@Base 3.3.0 + knot_dname_cmp@Base 3.3.0 + knot_dname_copy@Base 3.3.0 + knot_dname_copy_lower@Base 3.3.0 + knot_dname_free@Base 3.3.0 + knot_dname_from_str@Base 3.3.0 + knot_dname_in_bailiwick@Base 3.3.0 + knot_dname_is_case_equal@Base 3.3.0 + knot_dname_is_equal@Base 3.3.0 + knot_dname_labels@Base 3.3.0 + knot_dname_lf@Base 3.3.0 + knot_dname_matched_labels@Base 3.3.0 + knot_dname_prefixlen@Base 3.3.0 + knot_dname_realsize@Base 3.3.0 + knot_dname_replace_suffix@Base 3.3.0 + knot_dname_size@Base 3.3.0 + knot_dname_store@Base 3.3.0 + knot_dname_to_lower@Base 3.3.0 + knot_dname_to_str@Base 3.3.0 + knot_dname_to_wire@Base 3.3.0 + knot_dname_unpack@Base 3.3.0 + knot_dname_wire_check@Base 3.3.0 + knot_dnssec_alg_names@Base 3.3.0 + knot_edns_add_option@Base 3.3.0 + knot_edns_alignment_size@Base 3.3.0 + knot_edns_chain_parse@Base 3.3.0 + knot_edns_chain_size@Base 3.3.0 + knot_edns_chain_write@Base 3.3.0 + knot_edns_client_subnet_get_addr@Base 3.3.0 + knot_edns_client_subnet_parse@Base 3.3.0 + knot_edns_client_subnet_set_addr@Base 3.3.0 + knot_edns_client_subnet_size@Base 
3.3.0 + knot_edns_client_subnet_write@Base 3.3.0 + knot_edns_cookie_client_check@Base 3.3.0 + knot_edns_cookie_client_generate@Base 3.3.0 + knot_edns_cookie_parse@Base 3.3.0 + knot_edns_cookie_server_check@Base 3.3.0 + knot_edns_cookie_server_generate@Base 3.3.0 + knot_edns_cookie_size@Base 3.3.0 + knot_edns_cookie_write@Base 3.3.0 + knot_edns_ede_names@Base 3.3.0 + knot_edns_get_ext_rcode@Base 3.3.0 + knot_edns_get_option@Base 3.3.0 + knot_edns_get_options@Base 3.3.0 + knot_edns_get_version@Base 3.3.0 + knot_edns_init@Base 3.3.0 + knot_edns_keepalive_parse@Base 3.3.0 + knot_edns_keepalive_size@Base 3.3.0 + knot_edns_keepalive_write@Base 3.3.0 + knot_edns_opt_names@Base 3.3.0 + knot_edns_reserve_option@Base 3.3.0 + knot_edns_set_ext_rcode@Base 3.3.0 + knot_edns_set_version@Base 3.3.0 + knot_error_from_libdnssec@Base 3.3.0 + knot_eth_mtu@Base 3.3.0 + knot_eth_name_from_addr@Base 3.3.0 + knot_eth_queues@Base 3.3.0 + knot_eth_rss@Base 3.3.0 + knot_eth_vlans@Base 3.3.0 + knot_eth_xdp_mode@Base 3.3.0 + knot_get_obsolete_rdata_descriptor@Base 3.3.0 + knot_get_rdata_descriptor@Base 3.3.0 + knot_naptr_header_size@Base 3.3.0 + knot_opcode_names@Base 3.3.0 + knot_opt_code_to_string@Base 3.3.0 + knot_pkt_begin@Base 3.3.0 + knot_pkt_clear@Base 3.3.0 + knot_pkt_copy@Base 3.3.0 + knot_pkt_ext_rcode@Base 3.3.0 + knot_pkt_ext_rcode_name@Base 3.3.0 + knot_pkt_free@Base 3.3.0 + knot_pkt_init_response@Base 3.3.0 + knot_pkt_new@Base 3.3.0 + knot_pkt_parse@Base 3.3.0 + knot_pkt_parse_question@Base 3.3.0 + knot_pkt_put_question@Base 3.3.0 + knot_pkt_put_rotate@Base 3.3.0 + knot_pkt_reclaim@Base 3.3.0 + knot_pkt_reserve@Base 3.3.0 + knot_probe_alloc@Base 3.3.0 + knot_probe_consume@Base 3.3.0 + knot_probe_data_set@Base 3.3.0 + knot_probe_fd@Base 3.3.0 + knot_probe_free@Base 3.3.0 + knot_probe_produce@Base 3.3.0 + knot_probe_set_consumer@Base 3.3.0 + knot_probe_set_producer@Base 3.3.0 + knot_probe_tcp_rtt@Base 3.3.0 + knot_quic_cleanup@Base 3.3.0 + knot_quic_client@Base 3.3.0 + 
knot_quic_conn_get_stream@Base 3.3.0 + knot_quic_conn_local_port@Base 3.3.0 + knot_quic_conn_new_stream@Base 3.3.0 + knot_quic_conn_next_timeout@Base 3.3.3 + knot_quic_conn_pin@Base 3.3.0 + knot_quic_conn_rtt@Base 3.3.0 + knot_quic_conn_stream_free@Base 3.3.0 + knot_quic_creds_cert@Base 3.3.0 + knot_quic_free_creds@Base 3.3.0 + knot_quic_handle@Base 3.3.0 + knot_quic_hanle_expiry@Base 3.3.3 + knot_quic_init_creds@Base 3.3.0 + knot_quic_init_creds_peer@Base 3.3.0 + knot_quic_send@Base 3.3.0 + knot_quic_session_available@Base 3.3.0 + knot_quic_session_load@Base 3.3.0 + knot_quic_session_save@Base 3.3.0 + knot_quic_stream_add_data@Base 3.3.0 + knot_quic_stream_get_process@Base 3.3.0 + knot_quic_table_free@Base 3.3.0 + knot_quic_table_new@Base 3.3.0 + knot_quic_table_rem@Base 3.3.0 + knot_quic_table_sweep@Base 3.3.0 + knot_rcode_names@Base 3.3.0 + knot_rdataset_add@Base 3.3.0 + knot_rdataset_at@Base 3.3.0 + knot_rdataset_clear@Base 3.3.0 + knot_rdataset_copy@Base 3.3.0 + knot_rdataset_eq@Base 3.3.0 + knot_rdataset_intersect@Base 3.3.0 + knot_rdataset_intersect2@Base 3.3.0 + knot_rdataset_member@Base 3.3.0 + knot_rdataset_merge@Base 3.3.0 + knot_rdataset_subset@Base 3.3.0 + knot_rdataset_subtract@Base 3.3.0 + knot_rrclass_from_string@Base 3.3.0 + knot_rrclass_to_string@Base 3.3.0 + knot_rrset_add_rdata@Base 3.3.0 + knot_rrset_clear@Base 3.3.0 + knot_rrset_copy@Base 3.3.0 + knot_rrset_equal@Base 3.3.0 + knot_rrset_free@Base 3.3.0 + knot_rrset_is_nsec3rel@Base 3.3.0 + knot_rrset_new@Base 3.3.0 + knot_rrset_rr_from_wire@Base 3.3.0 + knot_rrset_rr_to_canonical@Base 3.3.0 + knot_rrset_size@Base 3.3.0 + knot_rrset_to_wire_extra@Base 3.3.0 + knot_rrset_txt_dump@Base 3.3.0 + knot_rrset_txt_dump_data@Base 3.3.0 + knot_rrset_txt_dump_edns@Base 3.3.0 + knot_rrset_txt_dump_header@Base 3.3.0 + knot_rrtype_additional_needed@Base 3.3.0 + knot_rrtype_from_string@Base 3.3.0 + knot_rrtype_is_dnssec@Base 3.3.0 + knot_rrtype_is_metatype@Base 3.3.0 + knot_rrtype_should_be_lowercased@Base 
3.3.0 + knot_rrtype_to_string@Base 3.3.0 + knot_strerror@Base 3.3.0 + knot_svcb_param_names@Base 3.3.0 + knot_tcp_cleanup@Base 3.3.0 + knot_tcp_inbufs_upd@Base 3.3.0 + knot_tcp_outbufs_ack@Base 3.3.0 + knot_tcp_outbufs_add@Base 3.3.0 + knot_tcp_outbufs_can_send@Base 3.3.0 + knot_tcp_outbufs_usage@Base 3.3.0 + knot_tcp_recv@Base 3.3.0 + knot_tcp_reply_data@Base 3.3.0 + knot_tcp_send@Base 3.3.0 + knot_tcp_sweep@Base 3.3.0 + knot_tcp_table_free@Base 3.3.0 + knot_tcp_table_new@Base 3.3.0 + knot_tsig_add@Base 3.3.0 + knot_tsig_append@Base 3.3.0 + knot_tsig_client_check@Base 3.3.0 + knot_tsig_client_check_next@Base 3.3.0 + knot_tsig_create_rdata@Base 3.3.0 + knot_tsig_key_copy@Base 3.3.0 + knot_tsig_key_deinit@Base 3.3.0 + knot_tsig_key_init@Base 3.3.0 + knot_tsig_key_init_file@Base 3.3.0 + knot_tsig_key_init_str@Base 3.3.0 + knot_tsig_rcode_names@Base 3.3.0 + knot_tsig_rdata_alg@Base 3.3.0 + knot_tsig_rdata_alg_name@Base 3.3.0 + knot_tsig_rdata_error@Base 3.3.0 + knot_tsig_rdata_fudge@Base 3.3.0 + knot_tsig_rdata_is_ok@Base 3.3.0 + knot_tsig_rdata_mac@Base 3.3.0 + knot_tsig_rdata_mac_length@Base 3.3.0 + knot_tsig_rdata_orig_id@Base 3.3.0 + knot_tsig_rdata_other_data@Base 3.3.0 + knot_tsig_rdata_other_data_length@Base 3.3.0 + knot_tsig_rdata_set_fudge@Base 3.3.0 + knot_tsig_rdata_set_mac@Base 3.3.0 + knot_tsig_rdata_set_orig_id@Base 3.3.0 + knot_tsig_rdata_set_other_data@Base 3.3.0 + knot_tsig_rdata_set_time_signed@Base 3.3.0 + knot_tsig_rdata_time_signed@Base 3.3.0 + knot_tsig_rdata_tsig_timers_length@Base 3.3.0 + knot_tsig_rdata_tsig_variables_length@Base 3.3.0 + knot_tsig_server_check@Base 3.3.0 + knot_tsig_sign@Base 3.3.0 + knot_tsig_sign_next@Base 3.3.0 + knot_tsig_wire_maxsize@Base 3.3.0 + knot_tsig_wire_size@Base 3.3.0 + knot_xdp_deinit@Base 3.3.0 + knot_xdp_init@Base 3.3.0 + knot_xdp_recv@Base 3.3.0 + knot_xdp_recv_finish@Base 3.3.0 + knot_xdp_reply_alloc@Base 3.3.0 + knot_xdp_send@Base 3.3.0 + knot_xdp_send_alloc@Base 3.3.0 + knot_xdp_send_finish@Base 3.3.0 + 
knot_xdp_send_free@Base 3.3.0 + knot_xdp_send_prepare@Base 3.3.0 + knot_xdp_socket_info@Base 3.3.0 + knot_xdp_socket_fd@Base 3.3.0 + yp_addr@Base 3.3.0 + yp_addr_noport@Base 3.3.0 + yp_addr_noport_to_bin@Base 3.3.0 + yp_addr_noport_to_txt@Base 3.3.0 + yp_addr_range_to_bin@Base 3.3.0 + yp_addr_range_to_txt@Base 3.3.0 + yp_addr_to_bin@Base 3.3.0 + yp_addr_to_txt@Base 3.3.0 + yp_base64_to_bin@Base 3.3.0 + yp_base64_to_txt@Base 3.3.0 + yp_bool_to_bin@Base 3.3.0 + yp_bool_to_txt@Base 3.3.0 + yp_deinit@Base 3.3.0 + yp_dname_to_bin@Base 3.3.0 + yp_dname_to_txt@Base 3.3.0 + yp_format_id@Base 3.3.0 + yp_format_key0@Base 3.3.0 + yp_format_key1@Base 3.3.0 + yp_hex_to_bin@Base 3.3.0 + yp_hex_to_txt@Base 3.3.0 + yp_init@Base 3.3.0 + yp_int_to_bin@Base 3.3.0 + yp_int_to_txt@Base 3.3.0 + yp_item_to_bin@Base 3.3.0 + yp_item_to_txt@Base 3.3.0 + yp_option_to_bin@Base 3.3.0 + yp_option_to_txt@Base 3.3.0 + yp_parse@Base 3.3.0 + yp_schema_check_deinit@Base 3.3.0 + yp_schema_check_init@Base 3.3.0 + yp_schema_check_parser@Base 3.3.0 + yp_schema_check_str@Base 3.3.0 + yp_schema_copy@Base 3.3.0 + yp_schema_find@Base 3.3.0 + yp_schema_free@Base 3.3.0 + yp_schema_merge@Base 3.3.0 + yp_schema_purge_dynamic@Base 3.3.0 + yp_set_input_file@Base 3.3.0 + yp_set_input_string@Base 3.3.0 + yp_str_to_bin@Base 3.3.0 + yp_str_to_txt@Base 3.3.0 diff --git a/distro/pkg/deb-nolibxdp/libzscanner4.install b/distro/pkg/deb-nolibxdp/libzscanner4.install new file mode 100644 index 0000000..a8dc226 --- /dev/null +++ b/distro/pkg/deb-nolibxdp/libzscanner4.install @@ -0,0 +1 @@ +usr/lib/*/libzscanner.so.* diff --git a/distro/pkg/deb-nolibxdp/libzscanner4.symbols b/distro/pkg/deb-nolibxdp/libzscanner4.symbols new file mode 100644 index 0000000..99ac3b7 --- /dev/null +++ b/distro/pkg/deb-nolibxdp/libzscanner4.symbols 
@@ -0,0 +1,12 @@ +libzscanner.so.4 libzscanner4 #MINVER# +* Build-Depends-Package: libknot-dev + zs_deinit@Base 3.1.0 + zs_errorname@Base 3.1.0 + zs_init@Base 3.1.0 + zs_parse_all@Base 3.1.0 + zs_parse_record@Base 3.1.0 + zs_set_input_file@Base 3.1.0 + zs_set_input_string@Base 3.1.0 + zs_set_processing@Base 3.1.0 + zs_set_processing_comment@Base 3.1.0 + zs_strerror@Base 3.1.0 diff --git a/distro/pkg/deb-nolibxdp/not-installed b/distro/pkg/deb-nolibxdp/not-installed new file mode 100644 index 0000000..c928be1 --- /dev/null +++ b/distro/pkg/deb-nolibxdp/not-installed @@ -0,0 +1 @@ +etc/knot/example.com.zone diff --git a/distro/pkg/deb-nolibxdp/prepare-environment b/distro/pkg/deb-nolibxdp/prepare-environment new file mode 100755 index 0000000..7176f5e --- /dev/null +++ b/distro/pkg/deb-nolibxdp/prepare-environment @@ -0,0 +1,38 @@ +#!/bin/sh + +set -eu + +CONFFILE=${1:-/etc/knot/knot.conf} + +if [ ! -r $CONFFILE ]; then + echo "$CONFFILE doesn't exist or has wrong permissions." + exit 1; +fi + +KNOT_RUNDIR=$(sed -ne "s/#.*$//;s/.*rundir: \"*\([^\";]*\\).*/\\1/p;" $CONFFILE) +[ -z "$KNOT_RUNDIR" ] && KNOT_RUNDIR=/run/knot + +mkdir --parents "$KNOT_RUNDIR"; + +KNOT_USER=$(sed -ne "s/#.*$//;s/.*user:[ \"]*\\([^\\:\"]*\\)[ \"]*/\\1/p;" $CONFFILE) + +if [ -n "$KNOT_USER" ]; then + if ! getent passwd $KNOT_USER >/dev/null; then + echo "Configured user '$KNOT_USER' doesn't exist." + exit 1 + fi + + KNOT_GROUP=$(sed -ne "s/#.*$//;s/.*user:[ \"]*[^\\:\"]*\\:\\([^\"]*\\)[ \"]*/\\1/p;" $CONFFILE) + if [ -z "$KNOT_GROUP" ]; then + KNOT_GROUP=$(getent group $(getent passwd "$KNOT_USER" | cut -f 4 -d :) | cut -f 1 -d :) + fi + + if ! getent group $KNOT_GROUP >/dev/null; then + echo "Configured group '$KNOT_GROUP' doesn't exist." + exit 1 + fi + chown --silent "$KNOT_USER:$KNOT_GROUP" "$KNOT_RUNDIR" + chmod 775 "$KNOT_RUNDIR" +fi + +: 
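Review bot: Several expansions in `prepare-environment` are unquoted: `[ ! -r $CONFFILE ]`, the three `sed ... $CONFFILE` calls, `getent passwd $KNOT_USER` and `getent group $KNOT_GROUP`. A path or name containing whitespace or glob characters is word-split, and because the `sed -ne ...p` expressions print every matching line, a file with more than one `rundir:` or `user:` match yields a multi-line value. The script then runs `mkdir`, `chown` and `chmod 775` on the parsed directory, presumably as root before the daemon starts, so I would quote every expansion, e.g. `if [ ! -r "$CONFFILE" ]; then` and `if ! getent passwd "$KNOT_USER" >/dev/null; then`. The three error messages would also be better sent to stderr with `>&2`.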
diff --git a/distro/pkg/deb-nolibxdp/python3-libknot.install b/distro/pkg/deb-nolibxdp/python3-libknot.install
new file mode 100644
index 0000000..ce92dec
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/python3-libknot.install
@@ -0,0 +1,2 @@
+usr/lib/python3*/dist-packages/libknot-*.egg-info
+usr/lib/python3*/dist-packages/libknot/*.py
diff --git a/distro/pkg/deb-nolibxdp/rules b/distro/pkg/deb-nolibxdp/rules
new file mode 100755
index 0000000..82cc34b
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/rules
@@ -0,0 +1,101 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +export DEB_CFLAGS_MAINT_APPEND = -Wall -DNDEBUG +export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed + +export DPKG_GENSYMBOLS_CHECK_LEVEL := 4 +export KNOT_SOFTHSM2_DSO = /usr/lib/softhsm/libsofthsm2.so + +include /usr/share/dpkg/default.mk + +ifeq (maint,$(filter $(DEB_BUILD_OPTIONS),maint)) + FASTPARSER := --disable-fastparser +else + FASTPARSER := --enable-fastparser +endif + +ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),hurd-i386)) + RECVMMSG:=--enable-recvmmsg=no +else + RECVMMSG:=--enable-recvmmsg=yes +endif + +ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),amd64 i386)) + RUN_TEST := +else + RUN_TEST := -timeout --kill-after=5s 5m +endif + +LIBKNOT_SYMBOLS := $(wildcard $(CURDIR)/debian/libknot*.symbols) + +# MAJOR.MINOR version part +BASE_VERSION := $(shell echo $(DEB_VERSION) | sed 's/^\([^.]\+\.[^.]\+\).*/\1/') + +# pyproject is supported by knot but fails on second `pybuild --build` +# invocation due to bug in dh-python's plugin_pyproject.py wheel unpack +export PYBUILD_SYSTEM = distutils + + +%: + dh $@ \ + --exclude=.la --exclude=example.com.zone \ + --with python3 + +override_dh_auto_configure: + dh_auto_configure -- \ + --sysconfdir=/etc \ + --localstatedir=/var/lib \ + --libexecdir=/usr/lib/knot \ + --with-rundir=/run/knot \ + --with-moduledir=/usr/lib/$(DEB_HOST_MULTIARCH)/knot/modules-$(BASE_VERSION) \ + --with-storage=/var/lib/knot \ + --enable-systemd=auto \ + --enable-dnstap \ + --with-module-dnstap=shared \ + --with-module-geoip=shared \ + $(RECVMMSG) \ + $(FASTPARSER) \ + --disable-silent-rules \ + --enable-xdp=yes \ + --enable-quic=yes \ + --disable-static + +override_dh_auto_configure-indep: + pybuild --dir python/libknot --configure + pybuild --dir python/knot_exporter --configure + +override_dh_auto_build-indep: + dh_auto_build -- html + pybuild --dir python/libknot --build + pybuild --dir python/knot_exporter --build + 
+override_dh_auto_install-arch: + dh_auto_install -- install + # rename knot.sample.conf to knot.conf + mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf + @if grep -E -q "DoQ support: +no" "$(CURDIR)/debian/tmp/usr/sbin/knotd"; then \ + echo "Stripping the QUIC symbols"; \ + sed -i '/knot_quic_/d' $(LIBKNOT_SYMBOLS); \ + fi + +override_dh_auto_install-indep: + dh_auto_install -- install-html + # rename knot.sample.conf to knot.conf + mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf + pybuild --dir python/libknot --install + pybuild --dir python/knot_exporter --install + rm -rf $(CURDIR)/debian/tmp/usr/lib/python*/dist-packages/libknot/__pycache__ + rm -rf $(CURDIR)/debian/tmp/usr/lib/python*/dist-packages/knot_exporter/__pycache__ + +override_dh_auto_test-indep: +override_dh_auto_test-arch: +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + $(RUN_TEST) dh_auto_test +endif + +override_dh_missing: + dh_missing --fail-missing + +override_dh_installchangelogs: + dh_installchangelogs NEWS diff --git a/distro/pkg/deb-nolibxdp/source/format b/distro/pkg/deb-nolibxdp/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/distro/pkg/deb-nolibxdp/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/distro/pkg/deb-nolibxdp/tests/authoritative-server b/distro/pkg/deb-nolibxdp/tests/authoritative-server new file mode 100755 index 0000000..028dfbf --- /dev/null +++ b/distro/pkg/deb-nolibxdp/tests/authoritative-server 
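Review bot: On every architecture other than amd64 and i386, `RUN_TEST := -timeout --kill-after=5s 5m` puts make's `-` prefix in front of the test command, so in `override_dh_auto_test-arch` a failing or timed-out `dh_auto_test` no longer fails the package build. If that is intended, it deserves a comment above the conditional, for example `# non-x86: run the test suite under a 5-minute timeout and ignore its result`; otherwise drop the leading `-` so a test failure still stops the build. In `override_dh_auto_install-arch`, `sed -i '/knot_quic_/d' $(LIBKNOT_SYMBOLS)` gets no file operand when the `$(wildcard ...)` matches nothing, so a check for an empty `LIBKNOT_SYMBOLS` would make that failure easier to diagnose.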
@@ -0,0 +1,150 @@ +#!/bin/bash + +# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# 2018-11-02 +# License: GPLv3+ + +# error on exit +set -e +# for handling jobspecs: +set -m + +if [ -z "$AUTOPKGTEST_ARTIFACTS" ]; then + d="$(mktemp -d)" + remove="$d" +else + d="$AUTOPKGTEST_ARTIFACTS" +fi +ip="${TESTIP:-127.$(( $RANDOM % 256 )).$(( $RANDOM % 256 )).$(( $RANDOM % 256 ))}" +port="${PORT:-8123}" +knotc="${KNOTC:-/usr/sbin/knotc}" +knotd="${KNOTD:-/usr/sbin/knotd}" +keymgr="${KEYMGR:-/usr/sbin/keymgr}" +kdig="${KDIG:-$(command -v kdig)}" +kzonecheck="${KZONECHECK:-$(command -v kzonecheck)}" +test_address="${TEST_ADDRESS:-192.0.2.199}" + +declare -a knot_conf="--config=$d/knot.conf" +declare -a knot_args=("$knot_conf" --verbose) + +printf "%s + %s roundtrip tests\n------------\n workdir: %s\n IP addr: %s\n knot args: %s\n" "$knotd" "$kdig" "$d" "$ip" "${knot_args[*]}" + +section() { + printf "\n%s\n" "$1" + sed 's/./-/g' <<<"$1" +} + +cleanup () { + section "cleaning up" + find "$d" -ls + "${knotc}" "${knot_args[@]}" stop + wait %1 + tail -n +1 -v "$d"/*.err + if [ "$remove" ]; then + printf "\ncleaning up working directory %s\n" "$remove" + rm -rf "$remove" + fi +} +trap cleanup EXIT + +section "set up config file and zonefile" + +user=$(id -nu) +group=$(id -ng) +cat > "$d/knot.conf" <<EOF +server: + rundir: "$d" + listen: $ip@$port + user: $user:$group +database: + storage: "$d" +template: + - id: default + storage: "$d" + file: "%s.zone" +zone: + - domain: example.net + dnssec-signing: on +EOF + +cat > "$d/example.net.zone" <<EOF +@ 1D IN SOA a.ns hostmaster 2018103100 3h 15m 1w 1d +@ 1D IN NS a.ns.example.net. +@ 1D IN NS b.ns.example.net. 
+a.ns 1D IN A 192.0.2.1 +b.ns 1D IN A 192.0.2.2 +test 1D IN A $test_address +EOF + +find "$d" -maxdepth 1 -type f -print0 | xargs -0 tail -n +1 -v + +mkdir -p "${d}" + +section "kzonecheck'ing zonefile" +"${kzonecheck}" -v "$d/example.net.zone" + +section "launching knot" +"${knotd}" "${knot_args[@]}" 2> "$d/knotd.err" & + +# FIXME: this is an annoying poll -- would be better if we could be +# alerted when the daemon is done setting up the socket, but i don't +# want to "--daemonize" if i can avoid it because i want the shell to +# remain in direct supervision of all its processes +tried=0 +while [ $tried -lt 10 ] ; do + if "${knotc}" "${knot_args[@]}" status 2>&1; then + break; + fi + sleep 0.5 + tried=$(( $tried + 1 )) +done +if [ $tried -ge 10 ]; then + printf "failed to use %s\n" "${knotc}" >&2 + exit 1 +fi + +section "querying knot" +"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net +answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)" +if ! [ "$answer" = "$test_address" ]; then + printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2 + exit 1 +fi +answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)" +if ! [ "$answer2" = "" ]; then + printf "test2.example.net gave unexpected answer!\n got: %s\n" "$answer2" >&2 + exit 1 +fi + +section "modifying zone" +printf "test2 1D IN A $test_address\n" >>"$d/example.net.zone" +sed -i 's/^@ 1D IN SOA.*/@ 1D IN SOA a.ns hostmaster 2018110100 3h 15m 1w 1d/' "$d/example.net.zone" +"${knotc}" "${knot_args[@]}" reload +sleep 1 + +section "querying again" +"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net +answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)" +if ! [ "$answer" = "$test_address" ]; then + printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2 + exit 1 +fi +answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)" +if ! 
[ "$answer2" = "$test_address" ]; then + printf "test2.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer2" >&2 + exit 1 +fi + +section "querying DNSSEC" +"${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec +if ! "${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec 2>&1 | grep -q "RRSIG[[:space:]]*DNSKEY"; then + printf "DNSSEC query not successful" >&2 + exit 1 +fi + +section "listing keys with keymgr" +"${keymgr}" "$knot_conf" -e example.net. list +if ! "${keymgr}" "$knot_conf" -e example.net. list 2>&1 | grep -q "ksk=yes"; then + printf "keymgr did not list KSK as expected" >&2 + exit 1 +fi diff --git a/distro/pkg/deb-nolibxdp/tests/control b/distro/pkg/deb-nolibxdp/tests/control new file mode 100644 index 0000000..e8b3dcb --- /dev/null +++ b/distro/pkg/deb-nolibxdp/tests/control @@ -0,0 +1,13 @@ +Tests: kdig +Restrictions: skippable +Depends: + ca-certificates, + iputils-ping, + knot-dnsutils, + +Tests: authoritative-server +Depends: + findutils, + knot, + knot-dnsutils, + knot-dnssecutils, diff --git a/distro/pkg/deb-nolibxdp/tests/kdig b/distro/pkg/deb-nolibxdp/tests/kdig new file mode 100755 index 0000000..f1dbe5a --- /dev/null +++ b/distro/pkg/deb-nolibxdp/tests/kdig @@ -0,0 +1,14 @@ +#!/bin/bash + +set -e + +# Skip the test if no internet access +ping -c1 1.1.1.1 2>&1 || exit 77 + +expected=198.41.0.4 +answer=$(kdig +short +tls-ca @1.1.1.1 -q a.root-servers.net. -t A 2>&1 || true) + +if [ "$answer" != "$expected" ]; then + printf "expected: %s\ngot: %s\n" "$expected" "$answer" >&2 + kdig -d +tls-ca @1.1.1.1 -q a.root-servers.net. -t A +fi diff --git a/distro/pkg/deb-nolibxdp/ufw/knot b/distro/pkg/deb-nolibxdp/ufw/knot new file mode 100644 index 0000000..ee36916 --- /dev/null +++ b/distro/pkg/deb-nolibxdp/ufw/knot @@ -0,0 +1,4 @@ +[Knot] +title=Internet Domain Name Server +description=The Knot DNS implements an Internet domain name server. +ports=53 
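Review bot: `cleanup` runs as the EXIT trap while `set -e` is still in effect, so if `"${knotc}" "${knot_args[@]}" stop` or `wait %1` fails (for instance when the script exits before knotd was launched), the trap stops there. The `*.err` logs are then never printed and the temporary directory is not removed. Making those two steps non-fatal keeps the cleanup complete: `"${knotc}" "${knot_args[@]}" stop || true` and `wait %1 || true`. Separately, `printf "test2 1D IN A $test_address\n"` expands the `TEST_ADDRESS` override inside the format string, which `printf 'test2 1D IN A %s\n' "$test_address"` avoids. `mkdir -p "${d}"` also comes after files have already been written into `$d`, so it has no effect where it stands.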
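Review bot: In `tests/kdig`, the mismatch branch prints the expected and received answers and reruns `kdig -d`, but never exits non-zero. The test result is therefore whatever that last debug query returns, and if it succeeds, a wrong or empty answer from the `+tls-ca` lookup still passes. Add `exit 1` after the `kdig -d +tls-ca @1.1.1.1 ...` line. The expected value `198.41.0.4` and the resolver `1.1.1.1` are external dependencies, so a short comment saying why they were chosen would help whoever has to update them.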
diff --git a/distro/pkg/deb-nolibxdp/watch b/distro/pkg/deb-nolibxdp/watch
new file mode 100644
index 0000000..7cf9ea1
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/watch
@@ -0,0 +1,4 @@
+version=4
+opts=uversionmangle=s/-((alpha|beta|rc)\d*)$/~$1/,pgpsigurlmangle=s/$/.asc/,dversionmangle=s/\+hotfix// \
+https://secure.nic.cz/files/knot-dns/ \
+(?:|.*/)knot(?:[_\-]v?|)(\d\S*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)
diff --git a/distro/pkg/deb-noxdp/changelog b/distro/pkg/deb-noxdp/changelog
new file mode 100644
index 0000000..123f92b
--- /dev/null
+++ b/distro/pkg/deb-noxdp/changelog
@@ -0,0 +1,6 @@
+knot ({{ version }}-cznic.{{ release }}) unstable; urgency=medium
+
+ * upstream package
+ * see https://www.knot-dns.cz
+
+ -- Knot DNS <knot-dns@labs.nic.cz> {{ now }}
diff --git a/distro/pkg/deb-noxdp/clean b/distro/pkg/deb-noxdp/clean
new file mode 100644
index 0000000..b2a9f3f
--- /dev/null
+++ b/distro/pkg/deb-noxdp/clean
@@ -0,0 +1,2 @@
+doc/modules
+.pybuild/
diff --git a/distro/pkg/deb-noxdp/compat b/distro/pkg/deb-noxdp/compat
new file mode 100644
index 0000000..b4de394
--- /dev/null
+++ b/distro/pkg/deb-noxdp/compat
@@ -0,0 +1 @@
+11
diff --git a/distro/pkg/deb-noxdp/control b/distro/pkg/deb-noxdp/control
new file mode 100644
index 0000000..147715a
--- /dev/null
+++ b/distro/pkg/deb-noxdp/control
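Review bot: In the `watch` file, `pgpsigurlmangle=s/$/.asc/` tells uscan where to fetch the detached signature, but the signature is only checked against a keyring shipped with the packaging (`debian/upstream/signing-key.asc`), and no such file is visible in this part of the diff. If the upstream release key is not added elsewhere in this commit, it should be, so that downloaded tarballs are actually verified. A one-line `#` comment in the watch file naming whose key signs the releases would also help.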
@@ -0,0 +1,287 @@ +Source: knot +Section: net +Priority: optional +Maintainer: Knot DNS <knot-dns@labs.nic.cz> +Uploaders: + Jakub Ružička <jakub.ruzicka@nic.cz>, + Daniel Salzman <daniel.salzman@nic.cz>, +Build-Depends-Indep: + python3-setuptools, + python3-sphinx, +Build-Depends: + autoconf, + automake, + debhelper (>= 11), + dh-python, + libcap-ng-dev, + libedit-dev, + libfstrm-dev, + libgnutls28-dev, + libidn2-dev, + liblmdb-dev, + libmaxminddb-dev, + libmnl-dev, + libnghttp2-dev, + libprotobuf-c-dev, + libsofthsm2 <!nocheck>, + libsystemd-dev [linux-any] | libsystemd-daemon-dev [linux-any], + libsystemd-dev [linux-any] | libsystemd-journal-dev [linux-any], + libtool, + liburcu-dev, + pkg-config, + protobuf-c-compiler, + python3-all, +Standards-Version: 4.5.0 +Homepage: https://www.knot-dns.cz/ +Vcs-Browser: https://gitlab.nic.cz/knot/knot-dns +Vcs-Git: https://gitlab.nic.cz/knot/knot-dns.git +Rules-Requires-Root: no + +Package: knot +Architecture: any +Depends: + adduser, + libdnssec9 (= ${binary:Version}), + libknot14 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + lsb-base (>= 3.0-6), + ${misc:Depends}, + ${shlibs:Depends}, +Pre-Depends: + ${misc:Pre-Depends}, +Suggests: + systemd, +Description: Authoritative domain name server + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + +Package: libknot14 +Architecture: any +Multi-Arch: same +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Section: libs +Description: DNS shared library from Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . 
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides a DNS shared library used by Knot DNS and + Knot Resolver. + +Package: libzscanner4 +Architecture: any +Multi-Arch: same +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Section: libs +Description: DNS zone-parsing shared library from Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides a fast zone parser shared library used by Knot + DNS and Knot Resolver. + +Package: libdnssec9 +Architecture: any +Multi-Arch: same +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Section: libs +Description: DNSSEC shared library from Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides common DNSSEC shared library used by Knot DNS + and Knot Resolver. + +Package: libknot-dev +Architecture: any +Depends: + libdnssec9 (= ${binary:Version}), + libgnutls28-dev, + libknot14 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Section: libdevel +Description: Knot DNS shared library development files + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . 
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides development files for shared libraries from Knot DNS. + +Package: knot-dnsutils +Architecture: any +Depends: + libdnssec9 (= ${binary:Version}), + libknot14 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: DNS clients provided with Knot DNS (kdig, knsupdate) + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package delivers various DNS client programs from Knot DNS. + . + - kdig - query a DNS server in various ways + - knsupdate - perform dynamic updates (See RFC2136) + . + Those clients were designed to be almost 1:1 compatible with BIND dnsutils, + but they provide some enhancements, which are documented. + . + WARNING: knslookup is not provided as it is considered obsolete. + +Package: knot-dnssecutils +Architecture: any +Depends: + libdnssec9 (= ${binary:Version}), + libknot14 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: DNSSEC tools provided with Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package delivers various DNSSEC tools from Knot DNS. + . 
+ - kzonecheck + - kzonesign + - knsec3hash + +Package: knot-host +Architecture: any +Depends: + libdnssec9 (= ${binary:Version}), + libknot14 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: Version of 'host' bundled with Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides the 'host' program from Knot DNS. This program is + designed to be almost 1:1 compatible with BIND 9.x 'host' program. + +Package: knot-module-dnstap +Architecture: any +Multi-Arch: same +Depends: + knot (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: dnstap module for Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package contains dnstap module for logging DNS traffic. + +Package: knot-module-geoip +Architecture: any +Multi-Arch: same +Depends: + knot (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: geoip module for Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package contains geoip module for geography-based responses. 
+ +Package: knot-doc +Architecture: all +Multi-Arch: foreign +Depends: + libjs-jquery, + libjs-sphinxdoc, + libjs-underscore, + ${misc:Depends}, +Section: doc +Description: Documentation for Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides various documents that are useful for + maintaining a working Knot DNS installation. + +Package: knot-exporter +Architecture: all +Depends: + ${misc:Depends}, + ${python3:Depends}, +Section: python +Description: Prometheus exporter for Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides Python Prometheus exporter for Knot DNS. + +Package: python3-libknot +Architecture: all +Depends: + ${misc:Depends}, + ${python3:Depends}, +Section: python +Description: Python bindings for libknot + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides Python bindings for the libknot shared library. diff --git a/distro/pkg/deb-noxdp/copyright b/distro/pkg/deb-noxdp/copyright new file mode 100644 index 0000000..20c8b97 --- /dev/null +++ b/distro/pkg/deb-noxdp/copyright 
@@ -0,0 +1,179 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: Knot DNS +Upstream-Contact: knot-dns@labs.nic.cz +Source: https://secure.nic.cz/files/knot-dns/ + +Files: * +Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: m4/* +Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 1996-2001, 2003-2015 Free Software Foundation, Inc. +License: GPL-3+ + +Files: install-sh +Copyright: 1994 X Consortium +License: MIT + +Files: debian/* distro/pkg/deb/* +Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2011 Ondřej Surý <ondrej@debian.org> +License: GPL-3+ + +Files: tests/tap/* +Copyright: 2000-2001, 2004, 2006-2012 Russ Allbery <rra@stanford.edu> + 2006, 2007, 2008, 2013 The Board of Trustees of the Leland Stanford Junior University +License: MIT + +Files: tests/tap/files.* +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/dnstap/* +Copyright: 2014, Farsight Security, Inc. <software@farsightsecurity.com> + 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/libngtcp2/* +Copyright: 2016-2023 ngtcp2 contributors + 2012-2017 nghttp2 contributors +License: MIT + +Files: src/contrib/musl/* +Copyright: 2005-2020 Rich Felker, et al. +License: MIT + +Files: src/contrib/openbsd/siphash.* +Copyright: 2013 Andre Oppermann <andre@FreeBSD.org> +License: BSD-3-Clause + +Files: src/contrib/openbsd/strl* +Copyright: 1998 Todd C. Miller <Todd.Miller@courtesan.com> +License: 0BSD + +Files: src/contrib/proxyv2/* +Copyright: 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2021 Fastly, Inc. +License: GPL-3+ + +Files: src/contrib/qp-trie/* +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2018 Tony Finch <dot@dotat.at> +License: GPL-3+ + +Files: src/contrib/ucw/* +Copyright: 2011-2022 CZ.NIC, z.s.p.o. 
<knot-dns@labs.nic.cz> + 1997-2017 Martin Mares <mj@ucw.cz> + 2007 Pavel Charvat <pchar@ucw.cz> + 2012 Ondrej Filip <feela@network.cz> +License: LGPL-2.0 + +Files: src/contrib/ucw/heap.h +Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/url-parser/* +Copyright: 2020 Igor Sysoev + 2020 Nginx, Inc. + 2020 Joyent, Inc. +License: MIT + +Files: src/contrib/vpool/* +Copyright: 2006, 2008 Alexey Vatchenko <av@bsdua.org> +License: 0BSD + +Files: tests-fuzz/main.c +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2017 Tim Ruehsen +License: MIT + +License: GPL-3+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + . + On Debian systems, the full text of the GNU General Public License + version 3 can be found in the file `/usr/share/common-licenses/GPL-3'. + +License: LGPL-2.0 + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + . + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + . 
+ You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, + Boston, MA 02110-1301, USA. + +License: 0BSD + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +License: BSD-3-Clause + Redistribution and use in source and binary forms, with or without modification, + are permitted provided that the following conditions are met: + 1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + 3. Neither the name of the copyright holder nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
+ IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + +License: MIT + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + . + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. diff --git a/distro/pkg/deb-noxdp/cz.nic.knotd.conf b/distro/pkg/deb-noxdp/cz.nic.knotd.conf new file mode 100644 index 0000000..50af87a --- /dev/null +++ b/distro/pkg/deb-noxdp/cz.nic.knotd.conf 
@@ -0,0 +1,9 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="knot">
+ <allow own="cz.nic.knotd" />
+ </policy>
+ <policy context="default">
+ <allow receive_sender="cz.nic.knotd" />
+ </policy>
+</busconfig>
diff --git a/distro/pkg/deb-noxdp/docs b/distro/pkg/deb-noxdp/docs
new file mode 100644
index 0000000..b43bf86
--- /dev/null
+++ b/distro/pkg/deb-noxdp/docs
@@ -0,0 +1 @@
+README.md
diff --git a/distro/pkg/deb-noxdp/knot-dnssecutils.install b/distro/pkg/deb-noxdp/knot-dnssecutils.install
new file mode 100644
index 0000000..20009e8
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-dnssecutils.install
@@ -0,0 +1,3 @@
+usr/bin/knsec3hash
+usr/bin/kzonecheck
+usr/bin/kzonesign
diff --git a/distro/pkg/deb-noxdp/knot-dnssecutils.manpages b/distro/pkg/deb-noxdp/knot-dnssecutils.manpages
new file mode 100644
index 0000000..913c4cb
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-dnssecutils.manpages
@@ -0,0 +1,3 @@
+usr/share/man/man1/knsec3hash.1
+usr/share/man/man1/kzonecheck.1
+usr/share/man/man1/kzonesign.1
diff --git a/distro/pkg/deb-noxdp/knot-dnsutils.install b/distro/pkg/deb-noxdp/knot-dnsutils.install
new file mode 100644
index 0000000..960fa92
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-dnsutils.install
@@ -0,0 +1,2 @@
+usr/bin/kdig
+usr/bin/knsupdate
diff --git a/distro/pkg/deb-noxdp/knot-dnsutils.manpages b/distro/pkg/deb-noxdp/knot-dnsutils.manpages
new file mode 100644
index 0000000..3cc29ec
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-dnsutils.manpages
@@ -0,0 +1,2 @@
+usr/share/man/man1/kdig.1
+usr/share/man/man1/knsupdate.1
diff --git a/distro/pkg/deb-noxdp/knot-doc.install b/distro/pkg/deb-noxdp/knot-doc.install
new file mode 100644
index 0000000..c2a345d
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-doc.install
@@ -0,0 +1 @@
+usr/share/doc/knot/* /usr/share/doc/knot-doc/
diff --git a/distro/pkg/deb-noxdp/knot-doc.links b/distro/pkg/deb-noxdp/knot-doc.links
new file mode 100644
index 0000000..1376b3a
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-doc.links
@@ -0,0 +1,5 @@
+usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-doc/_static/jquery.js
+usr/share/javascript/sphinxdoc/1.0/doctools.js usr/share/doc/knot-doc/_static/doctools.js
+usr/share/javascript/sphinxdoc/1.0/language_data.js usr/share/doc/knot-doc/_static/language_data.js
+usr/share/javascript/sphinxdoc/1.0/searchtools.js usr/share/doc/knot-doc/_static/searchtools.js
+usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-doc/_static/underscore.js
diff --git a/distro/pkg/deb-noxdp/knot-exporter.install b/distro/pkg/deb-noxdp/knot-exporter.install
new file mode 100644
index 0000000..4c2d5ed
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-exporter.install
@@ -0,0 +1,3 @@
+usr/lib/python3*/dist-packages/knot_exporter-*.egg-info
+usr/lib/python3*/dist-packages/knot_exporter/*.py
+usr/bin/knot-exporter /usr/sbin/knot-exporter
diff --git a/distro/pkg/deb-noxdp/knot-host.install b/distro/pkg/deb-noxdp/knot-host.install
new file mode 100644
index 0000000..51bacf0
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-host.install
@@ -0,0 +1 @@
+usr/bin/khost
diff --git a/distro/pkg/deb-noxdp/knot-host.manpages b/distro/pkg/deb-noxdp/knot-host.manpages
new file mode 100644
index 0000000..4891e2c
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-host.manpages
@@ -0,0 +1 @@
+usr/share/man/man1/khost.1
diff --git a/distro/pkg/deb-noxdp/knot-module-dnstap.install b/distro/pkg/deb-noxdp/knot-module-dnstap.install
new file mode 100644
index 0000000..983455e
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-module-dnstap.install
@@ -0,0 +1 @@
+usr/lib/*/knot/modules-*/dnstap.so
diff --git a/distro/pkg/deb-noxdp/knot-module-geoip.install b/distro/pkg/deb-noxdp/knot-module-geoip.install
new file mode 100644
index 0000000..16d87c3
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-module-geoip.install
@@ -0,0 +1 @@
+usr/lib/*/knot/modules-*/geoip.so
diff --git a/distro/pkg/deb-noxdp/knot.dirs b/distro/pkg/deb-noxdp/knot.dirs
new file mode 100644
index 0000000..6e937aa
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.dirs
@@ -0,0 +1 @@
+var/lib/knot
diff --git a/distro/pkg/deb-noxdp/knot.init b/distro/pkg/deb-noxdp/knot.init
new file mode 100644
index 0000000..3f8fcae
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.init
@@ -0,0 +1,149 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: knot
+# Required-Start: $network $local_fs $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: authoritative domain name server
+# Description: Knot DNS is a authoritative-only domain name server
+### END INIT INFO
+
+# Author: Ondřej Surý <ondrej@debian.org>
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Knot DNS server" # Introduce a short description here
+NAME=knotd # Introduce the short server's name here
+DAEMON=/usr/sbin/$NAME # Introduce the server's location here
+PIDFILE=/run/knot/knot.pid
+SCRIPTNAME=/etc/init.d/knot
+KNOTC=/usr/sbin/knotc
+RUNDIR=/run/knot
+
+# Exit if the package is not installed
+[ -x $DAEMON ] || exit 0
+
+KNOTD_ARGS=""
+
+# Read configuration variable file if it is present
+[ -r /etc/default/knot ] && . /etc/default/knot
+
+DAEMON_ARGS="-d $KNOTD_ARGS"
+
+# Define LSB log_* functions.
+# Depend on sysvinit-utils (>= 2.96) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+
+ $KNOTC status >/dev/null 2>/dev/null \
+ && return 1
+
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+
+ $KNOTC status >/dev/null 2>/dev/null \
+ || return 1
+
+ $KNOTC stop >/dev/null
+ RETVAL="$?"
+ [ $? = 1 ] && return 2
+
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return 0
+}
+
+do_reload() {
+ $KNOTC reload >/dev/null
+ return $?
+}
+
+do_mkrundir() {
+ mkdir -p $RUNDIR
+ chmod 0755 $RUNDIR
+ chown knot:knot $RUNDIR
+}
+
+case "$1" in
+ start)
+ do_mkrundir
+ log_daemon_msg "Starting $DESC " "$NAME"
+ do_start
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ STATUS=$($KNOTC status 2>&1 >/dev/null)
+ RETVAL=$?
+ if [ $RETVAL = 0 ]; then
+ log_success_msg "$NAME is running"
+ else
+ log_failure_msg "$NAME is not running ($STATUS)"
+ fi
+ exit $RETVAL
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/distro/pkg/deb-noxdp/knot.install b/distro/pkg/deb-noxdp/knot.install
new file mode 100644
index 0000000..5c716fc
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.install
@@ -0,0 +1,8 @@
+debian/cz.nic.knotd.conf usr/share/dbus-1/system.d/
+debian/ufw/knot etc/ufw/applications.d/
+etc/knot/knot.conf
+usr/sbin/kcatalogprint
+usr/sbin/keymgr
+usr/sbin/kjournalprint
+usr/sbin/knotc
+usr/sbin/knotd
diff --git a/distro/pkg/deb-noxdp/knot.manpages b/distro/pkg/deb-noxdp/knot.manpages
new file mode 100644
index 0000000..5d23e9f
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.manpages
@@ -0,0 +1,6 @@
+usr/share/man/man5/knot.conf.5
+usr/share/man/man8/kcatalogprint.8
+usr/share/man/man8/keymgr.8
+usr/share/man/man8/kjournalprint.8
+usr/share/man/man8/knotc.8
+usr/share/man/man8/knotd.8
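Review bot: In `do_stop` of knot.init, the test `[ $? = 1 ] && return 2` comes after `RETVAL="$?"`, so `$?` there is the status of the assignment (always 0) and a failed `$KNOTC stop` is never detected. The function then removes the pidfile and returns 0, so `stop` and `restart` report success while the daemon may still be running. Test the saved value instead, `[ "$RETVAL" = 1 ] && return 2`, or `[ "$RETVAL" -ne 0 ] && return 2` if any non-zero status from `knotc stop` should count as a failure.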
diff --git a/distro/pkg/deb-noxdp/knot.postinst b/distro/pkg/deb-noxdp/knot.postinst
new file mode 100644
index 0000000..da747c8
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.postinst
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = "configure" ]; then
+ if ! getent passwd knot > /dev/null; then
+ adduser --quiet --system --group --no-create-home --home /var/lib/knot knot
+ fi
+
+ dpkg-statoverride --list /var/lib/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0770 /var/lib/knot
+ dpkg-statoverride --list /etc/knot/knot.conf >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0640 /etc/knot/knot.conf
+ dpkg-statoverride --list /etc/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0750 /etc/knot
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/distro/pkg/deb-noxdp/knot.postrm b/distro/pkg/deb-noxdp/knot.postrm
new file mode 100644
index 0000000..14b3d69
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.postrm
@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+if test "$1" = "purge"; then
+ state_dir=/var/lib/knot
+ for db_name in "catalog" "confdb" "journal" "keys" "timers"; do
+ rm -rf $state_dir/$db_name >/dev/null 2>&1 || true
+ done
+ rmdir $state_dir >/dev/null 2>&1 || true
+ [ -e $state_dir/* ] && echo "Notice: there are still data in ${state_dir}, please check."
+
+ dpkg-statoverride --remove /var/lib/knot >/dev/null 2>&1 || true
+ dpkg-statoverride --remove /etc/knot/knot.conf >/dev/null 2>&1 || true
+ dpkg-statoverride --remove /etc/knot >/dev/null 2>&1 || true
+
+ deluser --quiet knot >/dev/null 2>&1 || true
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/distro/pkg/deb-noxdp/knot.service b/distro/pkg/deb-noxdp/knot.service
new file mode 100644
index 0000000..e6c13ed
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.service
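Review bot: In knot.postrm, `[ -e $state_dir/* ] && echo "Notice: ..."` only works when exactly one entry is left: with two or more the unquoted glob expands to several words, `[` fails with a usage error and the notice is not printed. The same purge branch then runs `deluser --quiet knot`, so any files that do remain under /var/lib/knot keep a numeric owner that a later account could be assigned; consider keeping the system user, or at least making the notice reliable. A directory-emptiness check such as `[ -n "$(ls -A "$state_dir" 2>/dev/null)" ] && echo ...` avoids the glob.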
@@ -0,0 +1,30 @@
+[Unit]
+Description=Knot DNS server
+Wants=network-online.target
+After=network-online.target
+Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
+
+[Service]
+Type=notify
+User=knot
+Group=knot
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
+ExecStartPre=/usr/sbin/knotc conf-check
+ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-abort
+LimitNOFILE=1048576
+TimeoutStopSec=300
+# Extend the systemd startup timeout by this value (seconds) for each zone
+Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
+# Maximum size (MiB) of a configuration database
+Environment="KNOT_CONF_MAX_SIZE=512"
+
+# Expected systemd >= v239
+RuntimeDirectory=knot
+StateDirectory=knot
+NoNewPrivileges=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/pkg/deb-noxdp/libdnssec9.install b/distro/pkg/deb-noxdp/libdnssec9.install
new file mode 100644
index 0000000..17a9fe6
--- /dev/null
+++ b/distro/pkg/deb-noxdp/libdnssec9.install
@@ -0,0 +1 @@
+usr/lib/*/libdnssec.so.*
diff --git a/distro/pkg/deb-noxdp/libdnssec9.symbols b/distro/pkg/deb-noxdp/libdnssec9.symbols
new file mode 100644
index 0000000..c3ab2ed
--- /dev/null
+++ b/distro/pkg/deb-noxdp/libdnssec9.symbols
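Review bot: The [Service] section of knot.service confines the daemon only through `User=knot`, the two capability sets and `NoNewPrivileges=yes`; no filesystem sandboxing is applied, even though the unit already declares `RuntimeDirectory=knot` and `StateDirectory=knot` and expects systemd >= v239. Consider adding `ProtectSystem=strict`, `ProtectHome=yes` and `PrivateTmp=yes`, with a `ReadWritePaths=` entry for any zone or journal storage an administrator configures outside /var/lib/knot. Whether the default configuration writes anywhere else cannot be seen from this hunk, so the change needs a test run with the shipped knot.conf before it is merged.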
@@ -0,0 +1,96 @@ +libdnssec.so.9 libdnssec9 #MINVER# +* Build-Depends-Package: libknot-dev + dnssec_algorithm_digest_support@Base 3.2.0 + dnssec_algorithm_key_size_check@Base 3.2.0 + dnssec_algorithm_key_size_default@Base 3.2.0 + dnssec_algorithm_key_size_range@Base 3.2.0 + dnssec_algorithm_key_support@Base 3.2.0 + dnssec_algorithm_reproducible@Base 3.2.0 + dnssec_binary_alloc@Base 3.2.0 + dnssec_binary_cmp@Base 3.2.0 + dnssec_binary_dup@Base 3.2.0 + dnssec_binary_free@Base 3.2.0 + dnssec_binary_from_base64@Base 3.2.0 + dnssec_binary_resize@Base 3.2.0 + dnssec_binary_to_base64@Base 3.2.0 + dnssec_crypto_cleanup@Base 3.2.0 + dnssec_crypto_init@Base 3.2.0 + dnssec_crypto_reinit@Base 3.2.0 + dnssec_digest@Base 3.2.0 + dnssec_digest_finish@Base 3.2.0 + dnssec_digest_init@Base 3.2.0 + dnssec_key_can_sign@Base 3.2.0 + dnssec_key_can_verify@Base 3.2.0 + dnssec_key_clear@Base 3.2.0 + dnssec_key_create_ds@Base 3.2.0 + dnssec_key_dup@Base 3.2.0 + dnssec_key_free@Base 3.2.0 + dnssec_key_get_algorithm@Base 3.2.0 + dnssec_key_get_dname@Base 3.2.0 + dnssec_key_get_flags@Base 3.2.0 + dnssec_key_get_keyid@Base 3.2.0 + dnssec_key_get_keytag@Base 3.2.0 + dnssec_key_get_protocol@Base 3.2.0 + dnssec_key_get_pubkey@Base 3.2.0 + dnssec_key_get_rdata@Base 3.2.0 + dnssec_key_get_size@Base 3.2.0 + dnssec_key_load_pkcs8@Base 3.2.0 + dnssec_key_new@Base 3.2.0 + dnssec_key_set_algorithm@Base 3.2.0 + dnssec_key_set_dname@Base 3.2.0 + dnssec_key_set_flags@Base 3.2.0 + dnssec_key_set_protocol@Base 3.2.0 + dnssec_key_set_pubkey@Base 3.2.0 + dnssec_key_set_rdata@Base 3.2.0 + dnssec_keyid_copy@Base 3.2.0 + dnssec_keyid_equal@Base 3.2.0 + dnssec_keyid_is_valid@Base 3.2.0 + dnssec_keyid_normalize@Base 3.2.0 + dnssec_keystore_close@Base 3.2.0 + dnssec_keystore_deinit@Base 3.2.0 + dnssec_keystore_generate@Base 3.2.0 + dnssec_keystore_get_private@Base 3.2.0 + dnssec_keystore_import@Base 3.2.0 + dnssec_keystore_init@Base 3.2.0 + dnssec_keystore_init_pkcs11@Base 3.2.0 + dnssec_keystore_init_pkcs8@Base 
3.2.0 + dnssec_keystore_open@Base 3.2.0 + dnssec_keystore_remove@Base 3.2.0 + dnssec_keystore_set_private@Base 3.2.0 + dnssec_keytag@Base 3.2.0 + dnssec_nsec3_hash@Base 3.2.0 + dnssec_nsec3_hash_length@Base 3.2.0 + dnssec_nsec3_params_free@Base 3.2.0 + dnssec_nsec3_params_from_rdata@Base 3.2.0 + dnssec_nsec3_params_match@Base 3.2.0 + dnssec_nsec_bitmap_add@Base 3.2.0 + dnssec_nsec_bitmap_clear@Base 3.2.0 + dnssec_nsec_bitmap_contains@Base 3.2.0 + dnssec_nsec_bitmap_free@Base 3.2.0 + dnssec_nsec_bitmap_new@Base 3.2.0 + dnssec_nsec_bitmap_size@Base 3.2.0 + dnssec_nsec_bitmap_write@Base 3.2.0 + dnssec_pem_from_privkey@Base 3.2.0 + dnssec_pem_from_x509@Base 3.2.0 + dnssec_pem_to_privkey@Base 3.2.0 + dnssec_pem_to_x509@Base 3.2.0 + dnssec_random_binary@Base 3.2.0 + dnssec_random_buffer@Base 3.2.0 + dnssec_sign_add@Base 3.2.0 + dnssec_sign_free@Base 3.2.0 + dnssec_sign_init@Base 3.2.0 + dnssec_sign_new@Base 3.2.0 + dnssec_sign_verify@Base 3.2.0 + dnssec_sign_write@Base 3.2.0 + dnssec_strerror@Base 3.2.0 + dnssec_tsig_add@Base 3.2.0 + dnssec_tsig_algorithm_from_dname@Base 3.2.0 + dnssec_tsig_algorithm_from_name@Base 3.2.0 + dnssec_tsig_algorithm_size@Base 3.2.0 + dnssec_tsig_algorithm_to_dname@Base 3.2.0 + dnssec_tsig_algorithm_to_name@Base 3.2.0 + dnssec_tsig_free@Base 3.2.0 + dnssec_tsig_new@Base 3.2.0 + dnssec_tsig_optimal_key_size@Base 3.2.0 + dnssec_tsig_size@Base 3.2.0 + dnssec_tsig_write@Base 3.2.0 diff --git a/distro/pkg/deb-noxdp/libknot-dev.install b/distro/pkg/deb-noxdp/libknot-dev.install new file mode 100644 index 0000000..cb60d88 --- /dev/null +++ b/distro/pkg/deb-noxdp/libknot-dev.install @@ -0,0 +1,3 @@ +usr/include/ +usr/lib/*/*.so +usr/lib/*/pkgconfig/* diff --git a/distro/pkg/deb-noxdp/libknot14.install b/distro/pkg/deb-noxdp/libknot14.install new file mode 100644 index 0000000..f9b9f93 --- /dev/null +++ b/distro/pkg/deb-noxdp/libknot14.install @@ -0,0 +1 @@ +usr/lib/*/libknot.so.* 
diff --git a/distro/pkg/deb-noxdp/libknot14.symbols b/distro/pkg/deb-noxdp/libknot14.symbols new file mode 100644 index 0000000..9a30548 --- /dev/null +++ b/distro/pkg/deb-noxdp/libknot14.symbols 
@@ -0,0 +1,225 @@ +libknot.so.14 libknot14 #MINVER# + KNOT_DB_LMDB_DUPSORT@Base 3.3.0 + KNOT_DB_LMDB_INTEGERKEY@Base 3.3.0 + KNOT_DB_LMDB_MAPASYNC@Base 3.3.0 + KNOT_DB_LMDB_NOSYNC@Base 3.3.0 + KNOT_DB_LMDB_NOTLS@Base 3.3.0 + KNOT_DB_LMDB_RDONLY@Base 3.3.0 + KNOT_DB_LMDB_WRITEMAP@Base 3.3.0 + KNOT_DUMP_STYLE_DEFAULT@Base 3.3.0 + knot_ctl_accept@Base 3.3.0 + knot_ctl_alloc@Base 3.3.0 + knot_ctl_bind@Base 3.3.0 + knot_ctl_close@Base 3.3.0 + knot_ctl_connect@Base 3.3.0 + knot_ctl_free@Base 3.3.0 + knot_ctl_receive@Base 3.3.0 + knot_ctl_send@Base 3.3.0 + knot_ctl_set_timeout@Base 3.3.0 + knot_ctl_unbind@Base 3.3.0 + knot_db_lmdb_api@Base 3.3.0 + knot_db_lmdb_del_exact@Base 3.3.0 + knot_db_lmdb_get_mapsize@Base 3.3.0 + knot_db_lmdb_get_path@Base 3.3.0 + knot_db_lmdb_get_usage@Base 3.3.0 + knot_db_lmdb_iter_del@Base 3.3.0 + knot_db_lmdb_txn_begin@Base 3.3.0 + knot_db_trie_api@Base 3.3.0 + knot_dname_cmp@Base 3.3.0 + knot_dname_copy@Base 3.3.0 + knot_dname_copy_lower@Base 3.3.0 + knot_dname_free@Base 3.3.0 + knot_dname_from_str@Base 3.3.0 + knot_dname_in_bailiwick@Base 3.3.0 + knot_dname_is_case_equal@Base 3.3.0 + knot_dname_is_equal@Base 3.3.0 + knot_dname_labels@Base 3.3.0 + knot_dname_lf@Base 3.3.0 + knot_dname_matched_labels@Base 3.3.0 + knot_dname_prefixlen@Base 3.3.0 + knot_dname_realsize@Base 3.3.0 + knot_dname_replace_suffix@Base 3.3.0 + knot_dname_size@Base 3.3.0 + knot_dname_store@Base 3.3.0 + knot_dname_to_lower@Base 3.3.0 + knot_dname_to_str@Base 3.3.0 + knot_dname_to_wire@Base 3.3.0 + knot_dname_unpack@Base 3.3.0 + knot_dname_wire_check@Base 3.3.0 + knot_dnssec_alg_names@Base 3.3.0 + knot_edns_add_option@Base 3.3.0 + knot_edns_alignment_size@Base 3.3.0 + knot_edns_chain_parse@Base 3.3.0 + knot_edns_chain_size@Base 3.3.0 + knot_edns_chain_write@Base 3.3.0 + knot_edns_client_subnet_get_addr@Base 3.3.0 + knot_edns_client_subnet_parse@Base 3.3.0 + knot_edns_client_subnet_set_addr@Base 3.3.0 + knot_edns_client_subnet_size@Base 3.3.0 + 
knot_edns_client_subnet_write@Base 3.3.0 + knot_edns_cookie_client_check@Base 3.3.0 + knot_edns_cookie_client_generate@Base 3.3.0 + knot_edns_cookie_parse@Base 3.3.0 + knot_edns_cookie_server_check@Base 3.3.0 + knot_edns_cookie_server_generate@Base 3.3.0 + knot_edns_cookie_size@Base 3.3.0 + knot_edns_cookie_write@Base 3.3.0 + knot_edns_ede_names@Base 3.3.0 + knot_edns_get_ext_rcode@Base 3.3.0 + knot_edns_get_option@Base 3.3.0 + knot_edns_get_options@Base 3.3.0 + knot_edns_get_version@Base 3.3.0 + knot_edns_init@Base 3.3.0 + knot_edns_keepalive_parse@Base 3.3.0 + knot_edns_keepalive_size@Base 3.3.0 + knot_edns_keepalive_write@Base 3.3.0 + knot_edns_opt_names@Base 3.3.0 + knot_edns_reserve_option@Base 3.3.0 + knot_edns_set_ext_rcode@Base 3.3.0 + knot_edns_set_version@Base 3.3.0 + knot_error_from_libdnssec@Base 3.3.0 + knot_get_obsolete_rdata_descriptor@Base 3.3.0 + knot_get_rdata_descriptor@Base 3.3.0 + knot_naptr_header_size@Base 3.3.0 + knot_opcode_names@Base 3.3.0 + knot_opt_code_to_string@Base 3.3.0 + knot_pkt_begin@Base 3.3.0 + knot_pkt_clear@Base 3.3.0 + knot_pkt_copy@Base 3.3.0 + knot_pkt_ext_rcode@Base 3.3.0 + knot_pkt_ext_rcode_name@Base 3.3.0 + knot_pkt_free@Base 3.3.0 + knot_pkt_init_response@Base 3.3.0 + knot_pkt_new@Base 3.3.0 + knot_pkt_parse@Base 3.3.0 + knot_pkt_parse_question@Base 3.3.0 + knot_pkt_put_question@Base 3.3.0 + knot_pkt_put_rotate@Base 3.3.0 + knot_pkt_reclaim@Base 3.3.0 + knot_pkt_reserve@Base 3.3.0 + knot_probe_alloc@Base 3.3.0 + knot_probe_consume@Base 3.3.0 + knot_probe_data_set@Base 3.3.0 + knot_probe_fd@Base 3.3.0 + knot_probe_free@Base 3.3.0 + knot_probe_produce@Base 3.3.0 + knot_probe_set_consumer@Base 3.3.0 + knot_probe_set_producer@Base 3.3.0 + knot_probe_tcp_rtt@Base 3.3.0 + knot_rcode_names@Base 3.3.0 + knot_rdataset_add@Base 3.3.0 + knot_rdataset_at@Base 3.3.0 + knot_rdataset_clear@Base 3.3.0 + knot_rdataset_copy@Base 3.3.0 + knot_rdataset_eq@Base 3.3.0 + knot_rdataset_intersect@Base 3.3.0 + knot_rdataset_intersect2@Base 
3.3.0 + knot_rdataset_member@Base 3.3.0 + knot_rdataset_merge@Base 3.3.0 + knot_rdataset_subset@Base 3.3.0 + knot_rdataset_subtract@Base 3.3.0 + knot_rrclass_from_string@Base 3.3.0 + knot_rrclass_to_string@Base 3.3.0 + knot_rrset_add_rdata@Base 3.3.0 + knot_rrset_clear@Base 3.3.0 + knot_rrset_copy@Base 3.3.0 + knot_rrset_equal@Base 3.3.0 + knot_rrset_free@Base 3.3.0 + knot_rrset_is_nsec3rel@Base 3.3.0 + knot_rrset_new@Base 3.3.0 + knot_rrset_rr_from_wire@Base 3.3.0 + knot_rrset_rr_to_canonical@Base 3.3.0 + knot_rrset_size@Base 3.3.0 + knot_rrset_to_wire_extra@Base 3.3.0 + knot_rrset_txt_dump@Base 3.3.0 + knot_rrset_txt_dump_data@Base 3.3.0 + knot_rrset_txt_dump_edns@Base 3.3.0 + knot_rrset_txt_dump_header@Base 3.3.0 + knot_rrtype_additional_needed@Base 3.3.0 + knot_rrtype_from_string@Base 3.3.0 + knot_rrtype_is_dnssec@Base 3.3.0 + knot_rrtype_is_metatype@Base 3.3.0 + knot_rrtype_should_be_lowercased@Base 3.3.0 + knot_rrtype_to_string@Base 3.3.0 + knot_strerror@Base 3.3.0 + knot_svcb_param_names@Base 3.3.0 + knot_tcp_inbufs_upd@Base 3.3.0 + knot_tcp_outbufs_ack@Base 3.3.0 + knot_tcp_outbufs_add@Base 3.3.0 + knot_tcp_outbufs_can_send@Base 3.3.0 + knot_tcp_outbufs_usage@Base 3.3.0 + knot_tsig_add@Base 3.3.0 + knot_tsig_append@Base 3.3.0 + knot_tsig_client_check@Base 3.3.0 + knot_tsig_client_check_next@Base 3.3.0 + knot_tsig_create_rdata@Base 3.3.0 + knot_tsig_key_copy@Base 3.3.0 + knot_tsig_key_deinit@Base 3.3.0 + knot_tsig_key_init@Base 3.3.0 + knot_tsig_key_init_file@Base 3.3.0 + knot_tsig_key_init_str@Base 3.3.0 + knot_tsig_rcode_names@Base 3.3.0 + knot_tsig_rdata_alg@Base 3.3.0 + knot_tsig_rdata_alg_name@Base 3.3.0 + knot_tsig_rdata_error@Base 3.3.0 + knot_tsig_rdata_fudge@Base 3.3.0 + knot_tsig_rdata_is_ok@Base 3.3.0 + knot_tsig_rdata_mac@Base 3.3.0 + knot_tsig_rdata_mac_length@Base 3.3.0 + knot_tsig_rdata_orig_id@Base 3.3.0 + knot_tsig_rdata_other_data@Base 3.3.0 + knot_tsig_rdata_other_data_length@Base 3.3.0 + knot_tsig_rdata_set_fudge@Base 3.3.0 + 
knot_tsig_rdata_set_mac@Base 3.3.0 + knot_tsig_rdata_set_orig_id@Base 3.3.0 + knot_tsig_rdata_set_other_data@Base 3.3.0 + knot_tsig_rdata_set_time_signed@Base 3.3.0 + knot_tsig_rdata_time_signed@Base 3.3.0 + knot_tsig_rdata_tsig_timers_length@Base 3.3.0 + knot_tsig_rdata_tsig_variables_length@Base 3.3.0 + knot_tsig_server_check@Base 3.3.0 + knot_tsig_sign@Base 3.3.0 + knot_tsig_sign_next@Base 3.3.0 + knot_tsig_wire_maxsize@Base 3.3.0 + knot_tsig_wire_size@Base 3.3.0 + yp_addr@Base 3.3.0 + yp_addr_noport@Base 3.3.0 + yp_addr_noport_to_bin@Base 3.3.0 + yp_addr_noport_to_txt@Base 3.3.0 + yp_addr_range_to_bin@Base 3.3.0 + yp_addr_range_to_txt@Base 3.3.0 + yp_addr_to_bin@Base 3.3.0 + yp_addr_to_txt@Base 3.3.0 + yp_base64_to_bin@Base 3.3.0 + yp_base64_to_txt@Base 3.3.0 + yp_bool_to_bin@Base 3.3.0 + yp_bool_to_txt@Base 3.3.0 + yp_deinit@Base 3.3.0 + yp_dname_to_bin@Base 3.3.0 + yp_dname_to_txt@Base 3.3.0 + yp_format_id@Base 3.3.0 + yp_format_key0@Base 3.3.0 + yp_format_key1@Base 3.3.0 + yp_hex_to_bin@Base 3.3.0 + yp_hex_to_txt@Base 3.3.0 + yp_init@Base 3.3.0 + yp_int_to_bin@Base 3.3.0 + yp_int_to_txt@Base 3.3.0 + yp_item_to_bin@Base 3.3.0 + yp_item_to_txt@Base 3.3.0 + yp_option_to_bin@Base 3.3.0 + yp_option_to_txt@Base 3.3.0 + yp_parse@Base 3.3.0 + yp_schema_check_deinit@Base 3.3.0 + yp_schema_check_init@Base 3.3.0 + yp_schema_check_parser@Base 3.3.0 + yp_schema_check_str@Base 3.3.0 + yp_schema_copy@Base 3.3.0 + yp_schema_find@Base 3.3.0 + yp_schema_free@Base 3.3.0 + yp_schema_merge@Base 3.3.0 + yp_schema_purge_dynamic@Base 3.3.0 + yp_set_input_file@Base 3.3.0 + yp_set_input_string@Base 3.3.0 + yp_str_to_bin@Base 3.3.0 + yp_str_to_txt@Base 3.3.0 diff --git a/distro/pkg/deb-noxdp/libzscanner4.install b/distro/pkg/deb-noxdp/libzscanner4.install new file mode 100644 index 0000000..a8dc226 --- /dev/null +++ b/distro/pkg/deb-noxdp/libzscanner4.install @@ -0,0 +1 @@ +usr/lib/*/libzscanner.so.* 
diff --git a/distro/pkg/deb-noxdp/libzscanner4.symbols b/distro/pkg/deb-noxdp/libzscanner4.symbols new file mode 100644 index 0000000..99ac3b7 --- /dev/null +++ b/distro/pkg/deb-noxdp/libzscanner4.symbols @@ -0,0 +1,12 @@ +libzscanner.so.4 libzscanner4 #MINVER# +* Build-Depends-Package: libknot-dev + zs_deinit@Base 3.1.0 + zs_errorname@Base 3.1.0 + zs_init@Base 3.1.0 + zs_parse_all@Base 3.1.0 + zs_parse_record@Base 3.1.0 + zs_set_input_file@Base 3.1.0 + zs_set_input_string@Base 3.1.0 + zs_set_processing@Base 3.1.0 + zs_set_processing_comment@Base 3.1.0 + zs_strerror@Base 3.1.0 diff --git a/distro/pkg/deb-noxdp/not-installed b/distro/pkg/deb-noxdp/not-installed new file mode 100644 index 0000000..c928be1 --- /dev/null +++ b/distro/pkg/deb-noxdp/not-installed @@ -0,0 +1 @@ +etc/knot/example.com.zone diff --git a/distro/pkg/deb-noxdp/prepare-environment b/distro/pkg/deb-noxdp/prepare-environment new file mode 100755 index 0000000..7176f5e --- /dev/null +++ b/distro/pkg/deb-noxdp/prepare-environment 
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -eu
+
+CONFFILE=${1:-/etc/knot/knot.conf}
+
+if [ ! -r $CONFFILE ]; then
+ echo "$CONFFILE doesn't exist or has wrong permissions."
+ exit 1;
+fi
+
+KNOT_RUNDIR=$(sed -ne "s/#.*$//;s/.*rundir: \"*\([^\";]*\\).*/\\1/p;" $CONFFILE)
+[ -z "$KNOT_RUNDIR" ] && KNOT_RUNDIR=/run/knot
+
+mkdir --parents "$KNOT_RUNDIR";
+
+KNOT_USER=$(sed -ne "s/#.*$//;s/.*user:[ \"]*\\([^\\:\"]*\\)[ \"]*/\\1/p;" $CONFFILE)
+
+if [ -n "$KNOT_USER" ]; then
+ if ! getent passwd $KNOT_USER >/dev/null; then
+ echo "Configured user '$KNOT_USER' doesn't exist."
+ exit 1
+ fi
+
+ KNOT_GROUP=$(sed -ne "s/#.*$//;s/.*user:[ \"]*[^\\:\"]*\\:\\([^\"]*\\)[ \"]*/\\1/p;" $CONFFILE)
+ if [ -z "$KNOT_GROUP" ]; then
+ KNOT_GROUP=$(getent group $(getent passwd "$KNOT_USER" | cut -f 4 -d :) | cut -f 1 -d :)
+ fi
+
+ if ! getent group $KNOT_GROUP >/dev/null; then
+ echo "Configured group '$KNOT_GROUP' doesn't exist."
+ exit 1
+ fi
+ chown --silent "$KNOT_USER:$KNOT_GROUP" "$KNOT_RUNDIR"
+ chmod 775 "$KNOT_RUNDIR"
+fi
+
+:
diff --git a/distro/pkg/deb-noxdp/python3-libknot.install b/distro/pkg/deb-noxdp/python3-libknot.install
new file mode 100644
index 0000000..ce92dec
--- /dev/null
+++ b/distro/pkg/deb-noxdp/python3-libknot.install
@@ -0,0 +1,2 @@
+usr/lib/python3*/dist-packages/libknot-*.egg-info
+usr/lib/python3*/dist-packages/libknot/*.py
diff --git a/distro/pkg/deb-noxdp/rules b/distro/pkg/deb-noxdp/rules
new file mode 100755
index 0000000..2372f70
--- /dev/null
+++ b/distro/pkg/deb-noxdp/rules
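Review bot: In prepare-environment, `$CONFFILE`, `$KNOT_USER` and `$KNOT_GROUP` are expanded unquoted (`[ ! -r $CONFFILE ]`, the three `sed` calls, `getent passwd $KNOT_USER`, `getent group $KNOT_GROUP`) while `$KNOT_RUNDIR` is quoted everywhere. A configuration path containing whitespace, or a `user:` pattern that matches more than one line of the file, is then word-split, and the existence checks test something other than what `chown` later receives. Quote them, e.g. `if [ ! -r "$CONFFILE" ]; then` and `if ! getent passwd "$KNOT_USER" >/dev/null; then`. The script also ends with `chmod 775 "$KNOT_RUNDIR"`, which is group-writable where knot.init in the same directory uses 0755; a comment saying why the group needs write access would help.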
@@ -0,0 +1,95 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall -DNDEBUG
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+export DPKG_GENSYMBOLS_CHECK_LEVEL := 4
+export KNOT_SOFTHSM2_DSO = /usr/lib/softhsm/libsofthsm2.so
+
+include /usr/share/dpkg/default.mk
+
+ifeq (maint,$(filter $(DEB_BUILD_OPTIONS),maint))
+ FASTPARSER := --disable-fastparser
+else
+ FASTPARSER := --enable-fastparser
+endif
+
+ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),hurd-i386))
+ RECVMMSG:=--enable-recvmmsg=no
+else
+ RECVMMSG:=--enable-recvmmsg=yes
+endif
+
+ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),amd64 i386))
+ RUN_TEST :=
+else
+ RUN_TEST := -timeout --kill-after=5s 5m
+endif
+
+LIBKNOT_SYMBOLS := $(wildcard $(CURDIR)/debian/libknot*.symbols)
+
+# MAJOR.MINOR version part
+BASE_VERSION := $(shell echo $(DEB_VERSION) | sed 's/^\([^.]\+\.[^.]\+\).*/\1/')
+
+# pyproject is supported by knot but fails on second `pybuild --build`
+# invocation due to bug in dh-python's plugin_pyproject.py wheel unpack
+export PYBUILD_SYSTEM = distutils
+
+
+%:
+ dh $@ \
+ --exclude=.la --exclude=example.com.zone \
+ --with python3
+
+override_dh_auto_configure:
+ dh_auto_configure -- \
+ --sysconfdir=/etc \
+ --localstatedir=/var/lib \
+ --libexecdir=/usr/lib/knot \
+ --with-rundir=/run/knot \
+ --with-moduledir=/usr/lib/$(DEB_HOST_MULTIARCH)/knot/modules-$(BASE_VERSION) \
+ --with-storage=/var/lib/knot \
+ --enable-systemd=auto \
+ --enable-dnstap \
+ --with-module-dnstap=shared \
+ --with-module-geoip=shared \
+ $(RECVMMSG) \
+ $(FASTPARSER) \
+ --disable-silent-rules \
+ --disable-static
+
+override_dh_auto_configure-indep:
+ pybuild --dir python/libknot --configure
+ pybuild --dir python/knot_exporter --configure
+
+override_dh_auto_build-indep:
+ dh_auto_build -- html
+ pybuild --dir python/libknot --build
+ pybuild --dir python/knot_exporter --build
+
+override_dh_auto_install-arch:
+ dh_auto_install -- install
+ # rename knot.sample.conf to knot.conf
+ mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf
+
+override_dh_auto_install-indep:
+ dh_auto_install -- install-html
+ # rename knot.sample.conf to knot.conf
+ mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf
+ pybuild --dir python/libknot --install
+ pybuild --dir python/knot_exporter --install
+ rm -rf $(CURDIR)/debian/tmp/usr/lib/python*/dist-packages/libknot/__pycache__
+ rm -rf $(CURDIR)/debian/tmp/usr/lib/python*/dist-packages/knot_exporter/__pycache__
+
+override_dh_auto_test-indep:
+override_dh_auto_test-arch:
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+ $(RUN_TEST) dh_auto_test
+endif
+
+override_dh_missing:
+ dh_missing --fail-missing
+
+override_dh_installchangelogs:
+ dh_installchangelogs NEWS
diff --git a/distro/pkg/deb-noxdp/source/format b/distro/pkg/deb-noxdp/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/distro/pkg/deb-noxdp/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/distro/pkg/deb-noxdp/tests/authoritative-server b/distro/pkg/deb-noxdp/tests/authoritative-server
new file mode 100755
index 0000000..028dfbf
--- /dev/null
+++ b/distro/pkg/deb-noxdp/tests/authoritative-server
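Review bot: `RUN_TEST := -timeout --kill-after=5s 5m` in debian/rules starts with `-`, which make reads as "ignore this recipe line's exit status", so on every architecture other than amd64 and i386 a failing or timed-out `dh_auto_test` does not fail the build. If that is intended, say so next to the assignment, e.g. `# other archs: tests are advisory; '-' ignores failures and the 5m timeout`; as written it reads like a typo for `timeout`. The `# rename knot.sample.conf to knot.conf` lines inside the two `override_dh_auto_install-*` recipes are passed to the shell rather than treated as make comments, which is harmless but echoes them during the build.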
@@ -0,0 +1,150 @@ +#!/bin/bash + +# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# 2018-11-02 +# License: GPLv3+ + +# error on exit +set -e +# for handling jobspecs: +set -m + +if [ -z "$AUTOPKGTEST_ARTIFACTS" ]; then + d="$(mktemp -d)" + remove="$d" +else + d="$AUTOPKGTEST_ARTIFACTS" +fi +ip="${TESTIP:-127.$(( $RANDOM % 256 )).$(( $RANDOM % 256 )).$(( $RANDOM % 256 ))}" +port="${PORT:-8123}" +knotc="${KNOTC:-/usr/sbin/knotc}" +knotd="${KNOTD:-/usr/sbin/knotd}" +keymgr="${KEYMGR:-/usr/sbin/keymgr}" +kdig="${KDIG:-$(command -v kdig)}" +kzonecheck="${KZONECHECK:-$(command -v kzonecheck)}" +test_address="${TEST_ADDRESS:-192.0.2.199}" + +declare -a knot_conf="--config=$d/knot.conf" +declare -a knot_args=("$knot_conf" --verbose) + +printf "%s + %s roundtrip tests\n------------\n workdir: %s\n IP addr: %s\n knot args: %s\n" "$knotd" "$kdig" "$d" "$ip" "${knot_args[*]}" + +section() { + printf "\n%s\n" "$1" + sed 's/./-/g' <<<"$1" +} + +cleanup () { + section "cleaning up" + find "$d" -ls + "${knotc}" "${knot_args[@]}" stop + wait %1 + tail -n +1 -v "$d"/*.err + if [ "$remove" ]; then + printf "\ncleaning up working directory %s\n" "$remove" + rm -rf "$remove" + fi +} +trap cleanup EXIT + +section "set up config file and zonefile" + +user=$(id -nu) +group=$(id -ng) +cat > "$d/knot.conf" <<EOF +server: + rundir: "$d" + listen: $ip@$port + user: $user:$group +database: + storage: "$d" +template: + - id: default + storage: "$d" + file: "%s.zone" +zone: + - domain: example.net + dnssec-signing: on +EOF + +cat > "$d/example.net.zone" <<EOF +@ 1D IN SOA a.ns hostmaster 2018103100 3h 15m 1w 1d +@ 1D IN NS a.ns.example.net. +@ 1D IN NS b.ns.example.net. 
+a.ns 1D IN A 192.0.2.1 +b.ns 1D IN A 192.0.2.2 +test 1D IN A $test_address +EOF + +find "$d" -maxdepth 1 -type f -print0 | xargs -0 tail -n +1 -v + +mkdir -p "${d}" + +section "kzonecheck'ing zonefile" +"${kzonecheck}" -v "$d/example.net.zone" + +section "launching knot" +"${knotd}" "${knot_args[@]}" 2> "$d/knotd.err" & + +# FIXME: this is an annoying poll -- would be better if we could be +# alerted when the daemon is done setting up the socket, but i don't +# want to "--daemonize" if i can avoid it because i want the shell to +# remain in direct supervision of all its processes +tried=0 +while [ $tried -lt 10 ] ; do + if "${knotc}" "${knot_args[@]}" status 2>&1; then + break; + fi + sleep 0.5 + tried=$(( $tried + 1 )) +done +if [ $tried -ge 10 ]; then + printf "failed to use %s\n" "${knotc}" >&2 + exit 1 +fi + +section "querying knot" +"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net +answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)" +if ! [ "$answer" = "$test_address" ]; then + printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2 + exit 1 +fi +answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)" +if ! [ "$answer2" = "" ]; then + printf "test2.example.net gave unexpected answer!\n got: %s\n" "$answer2" >&2 + exit 1 +fi + +section "modifying zone" +printf "test2 1D IN A $test_address\n" >>"$d/example.net.zone" +sed -i 's/^@ 1D IN SOA.*/@ 1D IN SOA a.ns hostmaster 2018110100 3h 15m 1w 1d/' "$d/example.net.zone" +"${knotc}" "${knot_args[@]}" reload +sleep 1 + +section "querying again" +"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net +answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)" +if ! [ "$answer" = "$test_address" ]; then + printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2 + exit 1 +fi +answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)" +if ! 
[ "$answer2" = "$test_address" ]; then + printf "test2.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer2" >&2 + exit 1 +fi + +section "querying DNSSEC" +"${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec +if ! "${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec 2>&1 | grep -q "RRSIG[[:space:]]*DNSKEY"; then + printf "DNSSEC query not successful" >&2 + exit 1 +fi + +section "listing keys with keymgr" +"${keymgr}" "$knot_conf" -e example.net. list +if ! "${keymgr}" "$knot_conf" -e example.net. list 2>&1 | grep -q "ksk=yes"; then + printf "keymgr did not list KSK as expected" >&2 + exit 1 +fi diff --git a/distro/pkg/deb-noxdp/tests/control b/distro/pkg/deb-noxdp/tests/control new file mode 100644 index 0000000..e8b3dcb --- /dev/null +++ b/distro/pkg/deb-noxdp/tests/control @@ -0,0 +1,13 @@ +Tests: kdig +Restrictions: skippable +Depends: + ca-certificates, + iputils-ping, + knot-dnsutils, + +Tests: authoritative-server +Depends: + findutils, + knot, + knot-dnsutils, + knot-dnssecutils, diff --git a/distro/pkg/deb-noxdp/tests/kdig b/distro/pkg/deb-noxdp/tests/kdig new file mode 100755 index 0000000..f1dbe5a --- /dev/null +++ b/distro/pkg/deb-noxdp/tests/kdig @@ -0,0 +1,14 @@ +#!/bin/bash + +set -e + +# Skip the test if no internet access +ping -c1 1.1.1.1 2>&1 || exit 77 + +expected=198.41.0.4 +answer=$(kdig +short +tls-ca @1.1.1.1 -q a.root-servers.net. -t A 2>&1 || true) + +if [ "$answer" != "$expected" ]; then + printf "expected: %s\ngot: %s\n" "$expected" "$answer" >&2 + kdig -d +tls-ca @1.1.1.1 -q a.root-servers.net. -t A +fi diff --git a/distro/pkg/deb-noxdp/ufw/knot b/distro/pkg/deb-noxdp/ufw/knot new file mode 100644 index 0000000..ee36916 --- /dev/null +++ b/distro/pkg/deb-noxdp/ufw/knot @@ -0,0 +1,4 @@ +[Knot] +title=Internet Domain Name Server +description=The Knot DNS implements an Internet domain name server. +ports=53 
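Review bot: `mkdir -p "${d}"` in tests/authoritative-server runs only after knot.conf and example.net.zone have been written into `$d` with `cat >`, so it can never help: if `$AUTOPKGTEST_ARTIFACTS` names a directory that does not exist yet, the first redirection fails and `set -e` ends the test. Move the `mkdir -p "$d"` up to directly after the `if`/`else` that sets `d`. The comment `# error on exit` above `set -e` is reversed and should read `# exit on error`. In the "modifying zone" step, `printf "test2 1D IN A $test_address\n"` puts a variable into the format string; `printf 'test2 1D IN A %s\n' "$test_address"` matches the other printf calls in the script.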
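Review bot: tests/kdig never fails on a wrong answer: inside `if [ "$answer" != "$expected" ]` it prints the mismatch and reruns `kdig -d +tls-ca ...` for diagnostics, but there is no `exit 1`, so the script's status is whatever that last kdig call returns. Because the first lookup is wrapped in `|| true`, a `+tls-ca` certificate validation failure is also only caught if the debug run happens to fail the same way. Add `exit 1` as the last line of the `if` body so a mismatch always fails the test.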
diff --git a/distro/pkg/deb-noxdp/watch b/distro/pkg/deb-noxdp/watch
new file mode 100644
index 0000000..7cf9ea1
--- /dev/null
+++ b/distro/pkg/deb-noxdp/watch
@@ -0,0 +1,4 @@
+version=4
+opts=uversionmangle=s/-((alpha|beta|rc)\d*)$/~$1/,pgpsigurlmangle=s/$/.asc/,dversionmangle=s/\+hotfix// \
+https://secure.nic.cz/files/knot-dns/ \
+(?:|.*/)knot(?:[_\-]v?|)(\d\S*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)
diff --git a/distro/pkg/deb/changelog b/distro/pkg/deb/changelog
new file mode 100644
index 0000000..123f92b
--- /dev/null
+++ b/distro/pkg/deb/changelog
@@ -0,0 +1,6 @@
+knot ({{ version }}-cznic.{{ release }}) unstable; urgency=medium
+
+ * upstream package
+ * see https://www.knot-dns.cz
+
+ -- Knot DNS <knot-dns@labs.nic.cz> {{ now }}
diff --git a/distro/pkg/deb/clean b/distro/pkg/deb/clean
new file mode 100644
index 0000000..b2a9f3f
--- /dev/null
+++ b/distro/pkg/deb/clean
@@ -0,0 +1,2 @@
+doc/modules
+.pybuild/
diff --git a/distro/pkg/deb/compat b/distro/pkg/deb/compat
new file mode 100644
index 0000000..b4de394
--- /dev/null
+++ b/distro/pkg/deb/compat
@@ -0,0 +1 @@
+11
diff --git a/distro/pkg/deb/control b/distro/pkg/deb/control
new file mode 100644
index 0000000..2fb547a
--- /dev/null
+++ b/distro/pkg/deb/control
@@ -0,0 +1,284 @@ +Source: knot +Section: net +Priority: optional +Maintainer: Knot DNS <knot-dns@labs.nic.cz> +Uploaders: + Jakub Ružička <jakub.ruzicka@nic.cz>, + Daniel Salzman <daniel.salzman@nic.cz>, +Build-Depends-Indep: + python3-setuptools, + python3-sphinx, + python3-sphinx-panels, +Build-Depends: + autoconf, + automake, + debhelper (>= 11), + dh-python, + libbpf-dev, + libcap-ng-dev, + libedit-dev, + libfstrm-dev, + libgnutls28-dev, + libidn2-dev, + liblmdb-dev, + libmaxminddb-dev, + libmnl-dev, + libnghttp2-dev, + libprotobuf-c-dev, + libsofthsm2 <!nocheck>, + libsystemd-dev [linux-any] | libsystemd-daemon-dev [linux-any], + libsystemd-dev [linux-any] | libsystemd-journal-dev [linux-any], + libtool, + liburcu-dev, + libxdp-dev, + pkg-config, + protobuf-c-compiler, + python3-all, +Standards-Version: 4.5.0 +Homepage: https://www.knot-dns.cz/ +Vcs-Browser: https://gitlab.nic.cz/knot/knot-dns +Vcs-Git: https://gitlab.nic.cz/knot/knot-dns.git +Rules-Requires-Root: no + +Package: knot +Architecture: any +Depends: + adduser, + libdnssec9 (= ${binary:Version}), + libknot14 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Pre-Depends: + ${misc:Pre-Depends}, +Suggests: + systemd, +Description: Authoritative domain name server + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + +Package: libknot14 +Architecture: any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Section: libs +Description: DNS shared library from Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . 
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides a DNS shared library used by Knot DNS and + Knot Resolver. + +Package: libzscanner4 +Architecture: any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Section: libs +Description: DNS zone-parsing shared library from Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides a fast zone parser shared library used by Knot + DNS and Knot Resolver. + +Package: libdnssec9 +Architecture: any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Section: libs +Description: DNSSEC shared library from Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides common DNSSEC shared library used by Knot DNS + and Knot Resolver. + +Package: libknot-dev +Architecture: any +Depends: + libdnssec9 (= ${binary:Version}), + libgnutls28-dev, + libknot14 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, +Section: libdevel +Description: Knot DNS shared library development files + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . 
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides development files for shared libraries from Knot DNS. + +Package: knot-dnsutils +Architecture: any +Depends: + libdnssec9 (= ${binary:Version}), + libknot14 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: DNS clients provided with Knot DNS (kdig, knsupdate) + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package delivers various DNS client programs from Knot DNS. + . + - kdig - query a DNS server in various ways + - knsupdate - perform dynamic updates (See RFC2136) + - kxdpgun - send a DNS query stream over UDP to a DNS server + . + Those clients were designed to be almost 1:1 compatible with BIND dnsutils, + but they provide some enhancements, which are documented. + . + WARNING: knslookup is not provided as it is considered obsolete. + +Package: knot-dnssecutils +Architecture: any +Depends: + libdnssec9 (= ${binary:Version}), + libknot14 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: DNSSEC tools provided with Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package delivers various DNSSEC tools from Knot DNS. + . 
+ - kzonecheck + - kzonesign + - knsec3hash + +Package: knot-host +Architecture: any +Depends: + libdnssec9 (= ${binary:Version}), + libknot14 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: Version of 'host' bundled with Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides the 'host' program from Knot DNS. This program is + designed to be almost 1:1 compatible with BIND 9.x 'host' program. + +Package: knot-module-dnstap +Architecture: any +Depends: + knot (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: dnstap module for Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package contains dnstap module for logging DNS traffic. + +Package: knot-module-geoip +Architecture: any +Depends: + knot (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: geoip module for Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package contains geoip module for geography-based responses. 
+ +Package: knot-doc +Architecture: all +Multi-Arch: foreign +Depends: + libjs-jquery, + libjs-sphinxdoc, + libjs-underscore, + ${misc:Depends}, +Section: doc +Description: Documentation for Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides various documents that are useful for + maintaining a working Knot DNS installation. + +Package: knot-exporter +Architecture: all +Depends: + ${misc:Depends}, + ${python3:Depends}, +Section: python +Description: Prometheus exporter for Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides Python Prometheus exporter for Knot DNS. + +Package: python3-libknot +Architecture: all +Depends: + ${misc:Depends}, + ${python3:Depends}, +Section: python +Description: Python bindings for libknot + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides Python bindings for the libknot shared library. diff --git a/distro/pkg/deb/copyright b/distro/pkg/deb/copyright new file mode 100644 index 0000000..20c8b97 --- /dev/null +++ b/distro/pkg/deb/copyright 
@@ -0,0 +1,179 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: Knot DNS +Upstream-Contact: knot-dns@labs.nic.cz +Source: https://secure.nic.cz/files/knot-dns/ + +Files: * +Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: m4/* +Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 1996-2001, 2003-2015 Free Software Foundation, Inc. +License: GPL-3+ + +Files: install-sh +Copyright: 1994 X Consortium +License: MIT + +Files: debian/* distro/pkg/deb/* +Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2011 Ondřej Surý <ondrej@debian.org> +License: GPL-3+ + +Files: tests/tap/* +Copyright: 2000-2001, 2004, 2006-2012 Russ Allbery <rra@stanford.edu> + 2006, 2007, 2008, 2013 The Board of Trustees of the Leland Stanford Junior University +License: MIT + +Files: tests/tap/files.* +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/dnstap/* +Copyright: 2014, Farsight Security, Inc. <software@farsightsecurity.com> + 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/libngtcp2/* +Copyright: 2016-2023 ngtcp2 contributors + 2012-2017 nghttp2 contributors +License: MIT + +Files: src/contrib/musl/* +Copyright: 2005-2020 Rich Felker, et al. +License: MIT + +Files: src/contrib/openbsd/siphash.* +Copyright: 2013 Andre Oppermann <andre@FreeBSD.org> +License: BSD-3-Clause + +Files: src/contrib/openbsd/strl* +Copyright: 1998 Todd C. Miller <Todd.Miller@courtesan.com> +License: 0BSD + +Files: src/contrib/proxyv2/* +Copyright: 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2021 Fastly, Inc. +License: GPL-3+ + +Files: src/contrib/qp-trie/* +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2018 Tony Finch <dot@dotat.at> +License: GPL-3+ + +Files: src/contrib/ucw/* +Copyright: 2011-2022 CZ.NIC, z.s.p.o. 
<knot-dns@labs.nic.cz> + 1997-2017 Martin Mares <mj@ucw.cz> + 2007 Pavel Charvat <pchar@ucw.cz> + 2012 Ondrej Filip <feela@network.cz> +License: LGPL-2.0 + +Files: src/contrib/ucw/heap.h +Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/url-parser/* +Copyright: 2020 Igor Sysoev + 2020 Nginx, Inc. + 2020 Joyent, Inc. +License: MIT + +Files: src/contrib/vpool/* +Copyright: 2006, 2008 Alexey Vatchenko <av@bsdua.org> +License: 0BSD + +Files: tests-fuzz/main.c +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2017 Tim Ruehsen +License: MIT + +License: GPL-3+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + . + On Debian systems, the full text of the GNU General Public License + version 3 can be found in the file `/usr/share/common-licenses/GPL-3'. + +License: LGPL-2.0 + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + . + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + . 
+ You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, + Boston, MA 02110-1301, USA. + +License: 0BSD + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +License: BSD-3-Clause + Redistribution and use in source and binary forms, with or without modification, + are permitted provided that the following conditions are met: + 1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + 3. Neither the name of the copyright holder nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
+ IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + +License: MIT + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + . + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. diff --git a/distro/pkg/deb/cz.nic.knotd.conf b/distro/pkg/deb/cz.nic.knotd.conf new file mode 100644 index 0000000..50af87a --- /dev/null +++ b/distro/pkg/deb/cz.nic.knotd.conf 
@@ -0,0 +1,9 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="knot">
+ <allow own="cz.nic.knotd" />
+ </policy>
+ <policy context="default">
+ <allow receive_sender="cz.nic.knotd" />
+ </policy>
+</busconfig>
diff --git a/distro/pkg/deb/docs b/distro/pkg/deb/docs
new file mode 100644
index 0000000..b43bf86
--- /dev/null
+++ b/distro/pkg/deb/docs
@@ -0,0 +1 @@
+README.md
diff --git a/distro/pkg/deb/knot-dnssecutils.install b/distro/pkg/deb/knot-dnssecutils.install
new file mode 100644
index 0000000..20009e8
--- /dev/null
+++ b/distro/pkg/deb/knot-dnssecutils.install
@@ -0,0 +1,3 @@
+usr/bin/knsec3hash
+usr/bin/kzonecheck
+usr/bin/kzonesign
diff --git a/distro/pkg/deb/knot-dnssecutils.manpages b/distro/pkg/deb/knot-dnssecutils.manpages
new file mode 100644
index 0000000..913c4cb
--- /dev/null
+++ b/distro/pkg/deb/knot-dnssecutils.manpages
@@ -0,0 +1,3 @@
+usr/share/man/man1/knsec3hash.1
+usr/share/man/man1/kzonecheck.1
+usr/share/man/man1/kzonesign.1
diff --git a/distro/pkg/deb/knot-dnsutils.install b/distro/pkg/deb/knot-dnsutils.install
new file mode 100644
index 0000000..e2f2a8a
--- /dev/null
+++ b/distro/pkg/deb/knot-dnsutils.install
@@ -0,0 +1,3 @@
+usr/bin/kdig
+usr/bin/knsupdate
+usr/sbin/kxdpgun
diff --git a/distro/pkg/deb/knot-dnsutils.manpages b/distro/pkg/deb/knot-dnsutils.manpages
new file mode 100644
index 0000000..67254d9
--- /dev/null
+++ b/distro/pkg/deb/knot-dnsutils.manpages
@@ -0,0 +1,3 @@
+usr/share/man/man1/kdig.1
+usr/share/man/man1/knsupdate.1
+usr/share/man/man8/kxdpgun.8
diff --git a/distro/pkg/deb/knot-doc.install b/distro/pkg/deb/knot-doc.install
new file mode 100644
index 0000000..c2a345d
--- /dev/null
+++ b/distro/pkg/deb/knot-doc.install
@@ -0,0 +1 @@
+usr/share/doc/knot/* /usr/share/doc/knot-doc/
diff --git a/distro/pkg/deb/knot-doc.links b/distro/pkg/deb/knot-doc.links
new file mode 100644
index 0000000..1376b3a
--- /dev/null
+++ b/distro/pkg/deb/knot-doc.links
@@ -0,0 +1,5 @@
+usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-doc/_static/jquery.js
+usr/share/javascript/sphinxdoc/1.0/doctools.js usr/share/doc/knot-doc/_static/doctools.js
+usr/share/javascript/sphinxdoc/1.0/language_data.js usr/share/doc/knot-doc/_static/language_data.js
+usr/share/javascript/sphinxdoc/1.0/searchtools.js usr/share/doc/knot-doc/_static/searchtools.js
+usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-doc/_static/underscore.js
diff --git a/distro/pkg/deb/knot-exporter.install b/distro/pkg/deb/knot-exporter.install
new file mode 100644
index 0000000..4c2d5ed
--- /dev/null
+++ b/distro/pkg/deb/knot-exporter.install
@@ -0,0 +1,3 @@
+usr/lib/python3*/dist-packages/knot_exporter-*.egg-info
+usr/lib/python3*/dist-packages/knot_exporter/*.py
+usr/bin/knot-exporter /usr/sbin/knot-exporter
diff --git a/distro/pkg/deb/knot-host.install b/distro/pkg/deb/knot-host.install
new file mode 100644
index 0000000..51bacf0
--- /dev/null
+++ b/distro/pkg/deb/knot-host.install
@@ -0,0 +1 @@
+usr/bin/khost
diff --git a/distro/pkg/deb/knot-host.manpages b/distro/pkg/deb/knot-host.manpages
new file mode 100644
index 0000000..4891e2c
--- /dev/null
+++ b/distro/pkg/deb/knot-host.manpages
@@ -0,0 +1 @@
+usr/share/man/man1/khost.1
diff --git a/distro/pkg/deb/knot-module-dnstap.install b/distro/pkg/deb/knot-module-dnstap.install
new file mode 100644
index 0000000..983455e
--- /dev/null
+++ b/distro/pkg/deb/knot-module-dnstap.install
@@ -0,0 +1 @@
+usr/lib/*/knot/modules-*/dnstap.so
diff --git a/distro/pkg/deb/knot-module-geoip.install b/distro/pkg/deb/knot-module-geoip.install
new file mode 100644
index 0000000..16d87c3
--- /dev/null
+++ b/distro/pkg/deb/knot-module-geoip.install
@@ -0,0 +1 @@
+usr/lib/*/knot/modules-*/geoip.so
diff --git a/distro/pkg/deb/knot.dirs b/distro/pkg/deb/knot.dirs
new file mode 100644
index 0000000..6e937aa
--- /dev/null
+++ b/distro/pkg/deb/knot.dirs
@@ -0,0 +1 @@
+var/lib/knot
diff --git a/distro/pkg/deb/knot.init b/distro/pkg/deb/knot.init
new file mode 100644
index 0000000..3f8fcae
--- /dev/null
+++ b/distro/pkg/deb/knot.init
@@ -0,0 +1,149 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: knot +# Required-Start: $network $local_fs $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: authoritative domain name server +# Description: Knot DNS is a authoritative-only domain name server +### END INIT INFO + +# Author: Ondřej Surý <ondrej@debian.org> + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="Knot DNS server" # Introduce a short description here +NAME=knotd # Introduce the short server's name here +DAEMON=/usr/sbin/$NAME # Introduce the server's location here +PIDFILE=/run/knot/knot.pid +SCRIPTNAME=/etc/init.d/knot +KNOTC=/usr/sbin/knotc +RUNDIR=/run/knot + +# Exit if the package is not installed +[ -x $DAEMON ] || exit 0 + +KNOTD_ARGS="" + +# Read configuration variable file if it is present +[ -r /etc/default/knot ] && . /etc/default/knot + +DAEMON_ARGS="-d $KNOTD_ARGS" + +# Define LSB log_* functions. +# Depend on sysvinit-utils (>= 2.96) to ensure that this file is present. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + + $KNOTC status >/dev/null 2>/dev/null \ + && return 1 + + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + + $KNOTC status >/dev/null 2>/dev/null \ + || return 1 + + $KNOTC stop >/dev/null + RETVAL="$?" + [ $? = 1 ] && return 2 + + # Many daemons don't delete their pidfiles when they exit. 
+ rm -f $PIDFILE + return 0 +} + +do_reload() { + $KNOTC reload >/dev/null + return $? +} + +do_mkrundir() { + mkdir -p $RUNDIR + chmod 0755 $RUNDIR + chown knot:knot $RUNDIR +} + +case "$1" in + start) + do_mkrundir + log_daemon_msg "Starting $DESC " "$NAME" + do_start + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + status) + STATUS=$($KNOTC status 2>&1 >/dev/null) + RETVAL=$? + if [ $RETVAL = 0 ]; then + log_success_msg "$NAME is running" + else + log_failure_msg "$NAME is not running ($STATUS)" + fi + exit $RETVAL + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/distro/pkg/deb/knot.install b/distro/pkg/deb/knot.install new file mode 100644 index 0000000..5c716fc --- /dev/null +++ b/distro/pkg/deb/knot.install @@ -0,0 +1,8 @@ +debian/cz.nic.knotd.conf usr/share/dbus-1/system.d/ +debian/ufw/knot etc/ufw/applications.d/ +etc/knot/knot.conf +usr/sbin/kcatalogprint +usr/sbin/keymgr +usr/sbin/kjournalprint +usr/sbin/knotc +usr/sbin/knotd diff --git a/distro/pkg/deb/knot.manpages b/distro/pkg/deb/knot.manpages new file mode 100644 index 0000000..5d23e9f --- /dev/null +++ b/distro/pkg/deb/knot.manpages @@ -0,0 +1,6 @@ +usr/share/man/man5/knot.conf.5 +usr/share/man/man8/kcatalogprint.8 +usr/share/man/man8/keymgr.8 +usr/share/man/man8/kjournalprint.8 +usr/share/man/man8/knotc.8 +usr/share/man/man8/knotd.8 
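Review bot: In distro/pkg/deb/knot.init, `do_stop` tests the wrong status: it saves the result of `$KNOTC stop` in `RETVAL` and then checks `[ $? = 1 ]`, but by then `$?` is the status of the assignment itself, which is always 0. The `return 2` path is therefore never taken, and a failed stop removes the pidfile and is reported as success. Test the saved value instead, `[ "$RETVAL" = 1 ] && return 2`, or, since knotc's exit codes are not shown here, `[ "$RETVAL" -ne 0 ] && return 2`. The script also sources `/etc/default/knot` while running as root; a comment next to the `. /etc/default/knot` line stating that the file must stay root-owned and not group- or world-writable would document that assumption.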
diff --git a/distro/pkg/deb/knot.postinst b/distro/pkg/deb/knot.postinst new file mode 100644 index 0000000..da747c8 --- /dev/null +++ b/distro/pkg/deb/knot.postinst @@ -0,0 +1,16 @@ +#!/bin/sh +set -e + +if [ "$1" = "configure" ]; then + if ! getent passwd knot > /dev/null; then + adduser --quiet --system --group --no-create-home --home /var/lib/knot knot + fi + + dpkg-statoverride --list /var/lib/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0770 /var/lib/knot + dpkg-statoverride --list /etc/knot/knot.conf >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0640 /etc/knot/knot.conf + dpkg-statoverride --list /etc/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0750 /etc/knot +fi + +#DEBHELPER# + +exit 0 diff --git a/distro/pkg/deb/knot.postrm b/distro/pkg/deb/knot.postrm new file mode 100644 index 0000000..14b3d69 --- /dev/null +++ b/distro/pkg/deb/knot.postrm @@ -0,0 +1,21 @@ +#!/bin/sh +set -e + +if test "$1" = "purge"; then + state_dir=/var/lib/knot + for db_name in "catalog" "confdb" "journal" "keys" "timers"; do + rm -rf $state_dir/$db_name >/dev/null 2>&1 || true + done + rmdir $state_dir >/dev/null 2>&1 || true + [ -e $state_dir/* ] && echo "Notice: there are still data in ${state_dir}, please check." + + dpkg-statoverride --remove /var/lib/knot >/dev/null 2>&1 || true + dpkg-statoverride --remove /etc/knot/knot.conf >/dev/null 2>&1 || true + dpkg-statoverride --remove /etc/knot >/dev/null 2>&1 || true + + deluser --quiet knot >/dev/null 2>&1 || true +fi + +#DEBHELPER# + +exit 0 diff --git a/distro/pkg/deb/knot.service b/distro/pkg/deb/knot.service new file mode 100644 index 0000000..e6c13ed --- /dev/null +++ b/distro/pkg/deb/knot.service 
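Review bot: In distro/pkg/deb/knot.postrm, `[ -e $state_dir/* ]` only works when the glob matches exactly one entry; with two or more leftovers `[` receives extra arguments, fails with a usage error on stderr, and the "there are still data" notice is not printed. That notice is the only signal the admin gets before `deluser --quiet knot` removes the account, after which any remaining files keep a numeric owner that a later-created account could inherit. A check that does not depend on the match count, such as `[ -d "$state_dir" ] && [ -n "$(ls -A "$state_dir" 2>/dev/null)" ] && echo ...`, would make the notice reliable. Whether the system user should be kept on purge is worth deciding explicitly and recording in a comment.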
@@ -0,0 +1,30 @@ +[Unit] +Description=Knot DNS server +Wants=network-online.target +After=network-online.target +Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8) + +[Service] +Type=notify +User=knot +Group=knot +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP +AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP +ExecStartPre=/usr/sbin/knotc conf-check +ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE" +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-abort +LimitNOFILE=1048576 +TimeoutStopSec=300 +# Extend the systemd startup timeout by this value (seconds) for each zone +Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180" +# Maximum size (MiB) of a configuration database +Environment="KNOT_CONF_MAX_SIZE=512" + +# Expected systemd >= v239 +RuntimeDirectory=knot +StateDirectory=knot +NoNewPrivileges=yes + +[Install] +WantedBy=multi-user.target diff --git a/distro/pkg/deb/libdnssec9.install b/distro/pkg/deb/libdnssec9.install new file mode 100644 index 0000000..17a9fe6 --- /dev/null +++ b/distro/pkg/deb/libdnssec9.install @@ -0,0 +1 @@ +usr/lib/*/libdnssec.so.* diff --git a/distro/pkg/deb/libdnssec9.symbols b/distro/pkg/deb/libdnssec9.symbols new file mode 100644 index 0000000..c3ab2ed --- /dev/null +++ b/distro/pkg/deb/libdnssec9.symbols 
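Review bot: The [Service] section in distro/pkg/deb/knot.service has no filesystem sandboxing: it narrows capabilities and sets `NoNewPrivileges=yes`, but a network-facing daemon still sees the whole filesystem with the `knot` user's permissions. Since state and runtime paths are already declared with `StateDirectory=knot` and `RuntimeDirectory=knot`, directives such as `ProtectSystem=full`, `ProtectHome=yes` and `PrivateTmp=yes` look like candidates; they need checking against deployments that keep zone files or keys outside /var/lib/knot. `CAP_SETPCAP` appears in both `CapabilityBoundingSet=` and `AmbientCapabilities=` without explanation, and a one-line comment saying why the daemon needs it would help the next reviewer.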
@@ -0,0 +1,96 @@ +libdnssec.so.9 libdnssec9 #MINVER# +* Build-Depends-Package: libknot-dev + dnssec_algorithm_digest_support@Base 3.2.0 + dnssec_algorithm_key_size_check@Base 3.2.0 + dnssec_algorithm_key_size_default@Base 3.2.0 + dnssec_algorithm_key_size_range@Base 3.2.0 + dnssec_algorithm_key_support@Base 3.2.0 + dnssec_algorithm_reproducible@Base 3.2.0 + dnssec_binary_alloc@Base 3.2.0 + dnssec_binary_cmp@Base 3.2.0 + dnssec_binary_dup@Base 3.2.0 + dnssec_binary_free@Base 3.2.0 + dnssec_binary_from_base64@Base 3.2.0 + dnssec_binary_resize@Base 3.2.0 + dnssec_binary_to_base64@Base 3.2.0 + dnssec_crypto_cleanup@Base 3.2.0 + dnssec_crypto_init@Base 3.2.0 + dnssec_crypto_reinit@Base 3.2.0 + dnssec_digest@Base 3.2.0 + dnssec_digest_finish@Base 3.2.0 + dnssec_digest_init@Base 3.2.0 + dnssec_key_can_sign@Base 3.2.0 + dnssec_key_can_verify@Base 3.2.0 + dnssec_key_clear@Base 3.2.0 + dnssec_key_create_ds@Base 3.2.0 + dnssec_key_dup@Base 3.2.0 + dnssec_key_free@Base 3.2.0 + dnssec_key_get_algorithm@Base 3.2.0 + dnssec_key_get_dname@Base 3.2.0 + dnssec_key_get_flags@Base 3.2.0 + dnssec_key_get_keyid@Base 3.2.0 + dnssec_key_get_keytag@Base 3.2.0 + dnssec_key_get_protocol@Base 3.2.0 + dnssec_key_get_pubkey@Base 3.2.0 + dnssec_key_get_rdata@Base 3.2.0 + dnssec_key_get_size@Base 3.2.0 + dnssec_key_load_pkcs8@Base 3.2.0 + dnssec_key_new@Base 3.2.0 + dnssec_key_set_algorithm@Base 3.2.0 + dnssec_key_set_dname@Base 3.2.0 + dnssec_key_set_flags@Base 3.2.0 + dnssec_key_set_protocol@Base 3.2.0 + dnssec_key_set_pubkey@Base 3.2.0 + dnssec_key_set_rdata@Base 3.2.0 + dnssec_keyid_copy@Base 3.2.0 + dnssec_keyid_equal@Base 3.2.0 + dnssec_keyid_is_valid@Base 3.2.0 + dnssec_keyid_normalize@Base 3.2.0 + dnssec_keystore_close@Base 3.2.0 + dnssec_keystore_deinit@Base 3.2.0 + dnssec_keystore_generate@Base 3.2.0 + dnssec_keystore_get_private@Base 3.2.0 + dnssec_keystore_import@Base 3.2.0 + dnssec_keystore_init@Base 3.2.0 + dnssec_keystore_init_pkcs11@Base 3.2.0 + dnssec_keystore_init_pkcs8@Base 
3.2.0 + dnssec_keystore_open@Base 3.2.0 + dnssec_keystore_remove@Base 3.2.0 + dnssec_keystore_set_private@Base 3.2.0 + dnssec_keytag@Base 3.2.0 + dnssec_nsec3_hash@Base 3.2.0 + dnssec_nsec3_hash_length@Base 3.2.0 + dnssec_nsec3_params_free@Base 3.2.0 + dnssec_nsec3_params_from_rdata@Base 3.2.0 + dnssec_nsec3_params_match@Base 3.2.0 + dnssec_nsec_bitmap_add@Base 3.2.0 + dnssec_nsec_bitmap_clear@Base 3.2.0 + dnssec_nsec_bitmap_contains@Base 3.2.0 + dnssec_nsec_bitmap_free@Base 3.2.0 + dnssec_nsec_bitmap_new@Base 3.2.0 + dnssec_nsec_bitmap_size@Base 3.2.0 + dnssec_nsec_bitmap_write@Base 3.2.0 + dnssec_pem_from_privkey@Base 3.2.0 + dnssec_pem_from_x509@Base 3.2.0 + dnssec_pem_to_privkey@Base 3.2.0 + dnssec_pem_to_x509@Base 3.2.0 + dnssec_random_binary@Base 3.2.0 + dnssec_random_buffer@Base 3.2.0 + dnssec_sign_add@Base 3.2.0 + dnssec_sign_free@Base 3.2.0 + dnssec_sign_init@Base 3.2.0 + dnssec_sign_new@Base 3.2.0 + dnssec_sign_verify@Base 3.2.0 + dnssec_sign_write@Base 3.2.0 + dnssec_strerror@Base 3.2.0 + dnssec_tsig_add@Base 3.2.0 + dnssec_tsig_algorithm_from_dname@Base 3.2.0 + dnssec_tsig_algorithm_from_name@Base 3.2.0 + dnssec_tsig_algorithm_size@Base 3.2.0 + dnssec_tsig_algorithm_to_dname@Base 3.2.0 + dnssec_tsig_algorithm_to_name@Base 3.2.0 + dnssec_tsig_free@Base 3.2.0 + dnssec_tsig_new@Base 3.2.0 + dnssec_tsig_optimal_key_size@Base 3.2.0 + dnssec_tsig_size@Base 3.2.0 + dnssec_tsig_write@Base 3.2.0 diff --git a/distro/pkg/deb/libknot-dev.install b/distro/pkg/deb/libknot-dev.install new file mode 100644 index 0000000..cb60d88 --- /dev/null +++ b/distro/pkg/deb/libknot-dev.install @@ -0,0 +1,3 @@ +usr/include/ +usr/lib/*/*.so +usr/lib/*/pkgconfig/* diff --git a/distro/pkg/deb/libknot14.install b/distro/pkg/deb/libknot14.install new file mode 100644 index 0000000..f9b9f93 --- /dev/null +++ b/distro/pkg/deb/libknot14.install @@ -0,0 +1 @@ +usr/lib/*/libknot.so.* 
diff --git a/distro/pkg/deb/libknot14.symbols b/distro/pkg/deb/libknot14.symbols
new file mode 100644
index 0000000..b6e7caf
--- /dev/null
+++ b/distro/pkg/deb/libknot14.symbols
@@ -0,0 +1,276 @@ +libknot.so.14 libknot14 #MINVER# +* Build-Depends-Package: libknot-dev + KNOT_DB_LMDB_DUPSORT@Base 3.3.0 + KNOT_DB_LMDB_INTEGERKEY@Base 3.3.0 + KNOT_DB_LMDB_MAPASYNC@Base 3.3.0 + KNOT_DB_LMDB_NOSYNC@Base 3.3.0 + KNOT_DB_LMDB_NOTLS@Base 3.3.0 + KNOT_DB_LMDB_RDONLY@Base 3.3.0 + KNOT_DB_LMDB_WRITEMAP@Base 3.3.0 + KNOT_DUMP_STYLE_DEFAULT@Base 3.3.0 + knot_ctl_accept@Base 3.3.0 + knot_ctl_alloc@Base 3.3.0 + knot_ctl_bind@Base 3.3.0 + knot_ctl_close@Base 3.3.0 + knot_ctl_connect@Base 3.3.0 + knot_ctl_free@Base 3.3.0 + knot_ctl_receive@Base 3.3.0 + knot_ctl_send@Base 3.3.0 + knot_ctl_set_timeout@Base 3.3.0 + knot_ctl_unbind@Base 3.3.0 + knot_db_lmdb_api@Base 3.3.0 + knot_db_lmdb_del_exact@Base 3.3.0 + knot_db_lmdb_get_mapsize@Base 3.3.0 + knot_db_lmdb_get_path@Base 3.3.0 + knot_db_lmdb_get_usage@Base 3.3.0 + knot_db_lmdb_iter_del@Base 3.3.0 + knot_db_lmdb_txn_begin@Base 3.3.0 + knot_db_trie_api@Base 3.3.0 + knot_dname_cmp@Base 3.3.0 + knot_dname_copy@Base 3.3.0 + knot_dname_copy_lower@Base 3.3.0 + knot_dname_free@Base 3.3.0 + knot_dname_from_str@Base 3.3.0 + knot_dname_in_bailiwick@Base 3.3.0 + knot_dname_is_case_equal@Base 3.3.0 + knot_dname_is_equal@Base 3.3.0 + knot_dname_labels@Base 3.3.0 + knot_dname_lf@Base 3.3.0 + knot_dname_matched_labels@Base 3.3.0 + knot_dname_prefixlen@Base 3.3.0 + knot_dname_realsize@Base 3.3.0 + knot_dname_replace_suffix@Base 3.3.0 + knot_dname_size@Base 3.3.0 + knot_dname_store@Base 3.3.0 + knot_dname_to_lower@Base 3.3.0 + knot_dname_to_str@Base 3.3.0 + knot_dname_to_wire@Base 3.3.0 + knot_dname_unpack@Base 3.3.0 + knot_dname_wire_check@Base 3.3.0 + knot_dnssec_alg_names@Base 3.3.0 + knot_edns_add_option@Base 3.3.0 + knot_edns_alignment_size@Base 3.3.0 + knot_edns_chain_parse@Base 3.3.0 + knot_edns_chain_size@Base 3.3.0 + knot_edns_chain_write@Base 3.3.0 + knot_edns_client_subnet_get_addr@Base 3.3.0 + knot_edns_client_subnet_parse@Base 3.3.0 + knot_edns_client_subnet_set_addr@Base 3.3.0 + knot_edns_client_subnet_size@Base 
3.3.0 + knot_edns_client_subnet_write@Base 3.3.0 + knot_edns_cookie_client_check@Base 3.3.0 + knot_edns_cookie_client_generate@Base 3.3.0 + knot_edns_cookie_parse@Base 3.3.0 + knot_edns_cookie_server_check@Base 3.3.0 + knot_edns_cookie_server_generate@Base 3.3.0 + knot_edns_cookie_size@Base 3.3.0 + knot_edns_cookie_write@Base 3.3.0 + knot_edns_ede_names@Base 3.3.0 + knot_edns_get_ext_rcode@Base 3.3.0 + knot_edns_get_option@Base 3.3.0 + knot_edns_get_options@Base 3.3.0 + knot_edns_get_version@Base 3.3.0 + knot_edns_init@Base 3.3.0 + knot_edns_keepalive_parse@Base 3.3.0 + knot_edns_keepalive_size@Base 3.3.0 + knot_edns_keepalive_write@Base 3.3.0 + knot_edns_opt_names@Base 3.3.0 + knot_edns_reserve_option@Base 3.3.0 + knot_edns_set_ext_rcode@Base 3.3.0 + knot_edns_set_version@Base 3.3.0 + knot_error_from_libdnssec@Base 3.3.0 + knot_eth_mtu@Base 3.3.0 + knot_eth_name_from_addr@Base 3.3.0 + knot_eth_queues@Base 3.3.0 + knot_eth_rss@Base 3.3.0 + knot_eth_vlans@Base 3.3.0 + knot_eth_xdp_mode@Base 3.3.0 + knot_get_obsolete_rdata_descriptor@Base 3.3.0 + knot_get_rdata_descriptor@Base 3.3.0 + knot_naptr_header_size@Base 3.3.0 + knot_opcode_names@Base 3.3.0 + knot_opt_code_to_string@Base 3.3.0 + knot_pkt_begin@Base 3.3.0 + knot_pkt_clear@Base 3.3.0 + knot_pkt_copy@Base 3.3.0 + knot_pkt_ext_rcode@Base 3.3.0 + knot_pkt_ext_rcode_name@Base 3.3.0 + knot_pkt_free@Base 3.3.0 + knot_pkt_init_response@Base 3.3.0 + knot_pkt_new@Base 3.3.0 + knot_pkt_parse@Base 3.3.0 + knot_pkt_parse_question@Base 3.3.0 + knot_pkt_put_question@Base 3.3.0 + knot_pkt_put_rotate@Base 3.3.0 + knot_pkt_reclaim@Base 3.3.0 + knot_pkt_reserve@Base 3.3.0 + knot_probe_alloc@Base 3.3.0 + knot_probe_consume@Base 3.3.0 + knot_probe_data_set@Base 3.3.0 + knot_probe_fd@Base 3.3.0 + knot_probe_free@Base 3.3.0 + knot_probe_produce@Base 3.3.0 + knot_probe_set_consumer@Base 3.3.0 + knot_probe_set_producer@Base 3.3.0 + knot_probe_tcp_rtt@Base 3.3.0 + knot_quic_cleanup@Base 3.3.0 + knot_quic_client@Base 3.3.0 + 
knot_quic_conn_get_stream@Base 3.3.0 + knot_quic_conn_local_port@Base 3.3.0 + knot_quic_conn_new_stream@Base 3.3.0 + knot_quic_conn_next_timeout@Base 3.3.3 + knot_quic_conn_pin@Base 3.3.0 + knot_quic_conn_rtt@Base 3.3.0 + knot_quic_conn_stream_free@Base 3.3.0 + knot_quic_creds_cert@Base 3.3.0 + knot_quic_free_creds@Base 3.3.0 + knot_quic_handle@Base 3.3.0 + knot_quic_hanle_expiry@Base 3.3.3 + knot_quic_init_creds@Base 3.3.0 + knot_quic_init_creds_peer@Base 3.3.0 + knot_quic_send@Base 3.3.0 + knot_quic_session_available@Base 3.3.0 + knot_quic_session_load@Base 3.3.0 + knot_quic_session_save@Base 3.3.0 + knot_quic_stream_add_data@Base 3.3.0 + knot_quic_stream_get_process@Base 3.3.0 + knot_quic_table_free@Base 3.3.0 + knot_quic_table_new@Base 3.3.0 + knot_quic_table_rem@Base 3.3.0 + knot_quic_table_sweep@Base 3.3.0 + knot_rcode_names@Base 3.3.0 + knot_rdataset_add@Base 3.3.0 + knot_rdataset_at@Base 3.3.0 + knot_rdataset_clear@Base 3.3.0 + knot_rdataset_copy@Base 3.3.0 + knot_rdataset_eq@Base 3.3.0 + knot_rdataset_intersect@Base 3.3.0 + knot_rdataset_intersect2@Base 3.3.0 + knot_rdataset_member@Base 3.3.0 + knot_rdataset_merge@Base 3.3.0 + knot_rdataset_subset@Base 3.3.0 + knot_rdataset_subtract@Base 3.3.0 + knot_rrclass_from_string@Base 3.3.0 + knot_rrclass_to_string@Base 3.3.0 + knot_rrset_add_rdata@Base 3.3.0 + knot_rrset_clear@Base 3.3.0 + knot_rrset_copy@Base 3.3.0 + knot_rrset_equal@Base 3.3.0 + knot_rrset_free@Base 3.3.0 + knot_rrset_is_nsec3rel@Base 3.3.0 + knot_rrset_new@Base 3.3.0 + knot_rrset_rr_from_wire@Base 3.3.0 + knot_rrset_rr_to_canonical@Base 3.3.0 + knot_rrset_size@Base 3.3.0 + knot_rrset_to_wire_extra@Base 3.3.0 + knot_rrset_txt_dump@Base 3.3.0 + knot_rrset_txt_dump_data@Base 3.3.0 + knot_rrset_txt_dump_edns@Base 3.3.0 + knot_rrset_txt_dump_header@Base 3.3.0 + knot_rrtype_additional_needed@Base 3.3.0 + knot_rrtype_from_string@Base 3.3.0 + knot_rrtype_is_dnssec@Base 3.3.0 + knot_rrtype_is_metatype@Base 3.3.0 + knot_rrtype_should_be_lowercased@Base 
3.3.0 + knot_rrtype_to_string@Base 3.3.0 + knot_strerror@Base 3.3.0 + knot_svcb_param_names@Base 3.3.0 + knot_tcp_cleanup@Base 3.3.0 + knot_tcp_inbufs_upd@Base 3.3.0 + knot_tcp_outbufs_ack@Base 3.3.0 + knot_tcp_outbufs_add@Base 3.3.0 + knot_tcp_outbufs_can_send@Base 3.3.0 + knot_tcp_outbufs_usage@Base 3.3.0 + knot_tcp_recv@Base 3.3.0 + knot_tcp_reply_data@Base 3.3.0 + knot_tcp_send@Base 3.3.0 + knot_tcp_sweep@Base 3.3.0 + knot_tcp_table_free@Base 3.3.0 + knot_tcp_table_new@Base 3.3.0 + knot_tsig_add@Base 3.3.0 + knot_tsig_append@Base 3.3.0 + knot_tsig_client_check@Base 3.3.0 + knot_tsig_client_check_next@Base 3.3.0 + knot_tsig_create_rdata@Base 3.3.0 + knot_tsig_key_copy@Base 3.3.0 + knot_tsig_key_deinit@Base 3.3.0 + knot_tsig_key_init@Base 3.3.0 + knot_tsig_key_init_file@Base 3.3.0 + knot_tsig_key_init_str@Base 3.3.0 + knot_tsig_rcode_names@Base 3.3.0 + knot_tsig_rdata_alg@Base 3.3.0 + knot_tsig_rdata_alg_name@Base 3.3.0 + knot_tsig_rdata_error@Base 3.3.0 + knot_tsig_rdata_fudge@Base 3.3.0 + knot_tsig_rdata_is_ok@Base 3.3.0 + knot_tsig_rdata_mac@Base 3.3.0 + knot_tsig_rdata_mac_length@Base 3.3.0 + knot_tsig_rdata_orig_id@Base 3.3.0 + knot_tsig_rdata_other_data@Base 3.3.0 + knot_tsig_rdata_other_data_length@Base 3.3.0 + knot_tsig_rdata_set_fudge@Base 3.3.0 + knot_tsig_rdata_set_mac@Base 3.3.0 + knot_tsig_rdata_set_orig_id@Base 3.3.0 + knot_tsig_rdata_set_other_data@Base 3.3.0 + knot_tsig_rdata_set_time_signed@Base 3.3.0 + knot_tsig_rdata_time_signed@Base 3.3.0 + knot_tsig_rdata_tsig_timers_length@Base 3.3.0 + knot_tsig_rdata_tsig_variables_length@Base 3.3.0 + knot_tsig_server_check@Base 3.3.0 + knot_tsig_sign@Base 3.3.0 + knot_tsig_sign_next@Base 3.3.0 + knot_tsig_wire_maxsize@Base 3.3.0 + knot_tsig_wire_size@Base 3.3.0 + knot_xdp_deinit@Base 3.3.0 + knot_xdp_init@Base 3.3.0 + knot_xdp_recv@Base 3.3.0 + knot_xdp_recv_finish@Base 3.3.0 + knot_xdp_reply_alloc@Base 3.3.0 + knot_xdp_send@Base 3.3.0 + knot_xdp_send_alloc@Base 3.3.0 + knot_xdp_send_finish@Base 3.3.0 + 
knot_xdp_send_free@Base 3.3.0 + knot_xdp_send_prepare@Base 3.3.0 + knot_xdp_socket_info@Base 3.3.0 + knot_xdp_socket_fd@Base 3.3.0 + yp_addr@Base 3.3.0 + yp_addr_noport@Base 3.3.0 + yp_addr_noport_to_bin@Base 3.3.0 + yp_addr_noport_to_txt@Base 3.3.0 + yp_addr_range_to_bin@Base 3.3.0 + yp_addr_range_to_txt@Base 3.3.0 + yp_addr_to_bin@Base 3.3.0 + yp_addr_to_txt@Base 3.3.0 + yp_base64_to_bin@Base 3.3.0 + yp_base64_to_txt@Base 3.3.0 + yp_bool_to_bin@Base 3.3.0 + yp_bool_to_txt@Base 3.3.0 + yp_deinit@Base 3.3.0 + yp_dname_to_bin@Base 3.3.0 + yp_dname_to_txt@Base 3.3.0 + yp_format_id@Base 3.3.0 + yp_format_key0@Base 3.3.0 + yp_format_key1@Base 3.3.0 + yp_hex_to_bin@Base 3.3.0 + yp_hex_to_txt@Base 3.3.0 + yp_init@Base 3.3.0 + yp_int_to_bin@Base 3.3.0 + yp_int_to_txt@Base 3.3.0 + yp_item_to_bin@Base 3.3.0 + yp_item_to_txt@Base 3.3.0 + yp_option_to_bin@Base 3.3.0 + yp_option_to_txt@Base 3.3.0 + yp_parse@Base 3.3.0 + yp_schema_check_deinit@Base 3.3.0 + yp_schema_check_init@Base 3.3.0 + yp_schema_check_parser@Base 3.3.0 + yp_schema_check_str@Base 3.3.0 + yp_schema_copy@Base 3.3.0 + yp_schema_find@Base 3.3.0 + yp_schema_free@Base 3.3.0 + yp_schema_merge@Base 3.3.0 + yp_schema_purge_dynamic@Base 3.3.0 + yp_set_input_file@Base 3.3.0 + yp_set_input_string@Base 3.3.0 + yp_str_to_bin@Base 3.3.0 + yp_str_to_txt@Base 3.3.0 diff --git a/distro/pkg/deb/libzscanner4.install b/distro/pkg/deb/libzscanner4.install new file mode 100644 index 0000000..a8dc226 --- /dev/null +++ b/distro/pkg/deb/libzscanner4.install @@ -0,0 +1 @@ +usr/lib/*/libzscanner.so.* diff --git a/distro/pkg/deb/libzscanner4.symbols b/distro/pkg/deb/libzscanner4.symbols new file mode 100644 index 0000000..99ac3b7 --- /dev/null +++ b/distro/pkg/deb/libzscanner4.symbols 
@@ -0,0 +1,12 @@ +libzscanner.so.4 libzscanner4 #MINVER# +* Build-Depends-Package: libknot-dev + zs_deinit@Base 3.1.0 + zs_errorname@Base 3.1.0 + zs_init@Base 3.1.0 + zs_parse_all@Base 3.1.0 + zs_parse_record@Base 3.1.0 + zs_set_input_file@Base 3.1.0 + zs_set_input_string@Base 3.1.0 + zs_set_processing@Base 3.1.0 + zs_set_processing_comment@Base 3.1.0 + zs_strerror@Base 3.1.0 diff --git a/distro/pkg/deb/not-installed b/distro/pkg/deb/not-installed new file mode 100644 index 0000000..c928be1 --- /dev/null +++ b/distro/pkg/deb/not-installed @@ -0,0 +1 @@ +etc/knot/example.com.zone diff --git a/distro/pkg/deb/prepare-environment b/distro/pkg/deb/prepare-environment new file mode 100755 index 0000000..7176f5e --- /dev/null +++ b/distro/pkg/deb/prepare-environment @@ -0,0 +1,38 @@ +#!/bin/sh + +set -eu + +CONFFILE=${1:-/etc/knot/knot.conf} + +if [ ! -r $CONFFILE ]; then + echo "$CONFFILE doesn't exist or has wrong permissions." + exit 1; +fi + +KNOT_RUNDIR=$(sed -ne "s/#.*$//;s/.*rundir: \"*\([^\";]*\\).*/\\1/p;" $CONFFILE) +[ -z "$KNOT_RUNDIR" ] && KNOT_RUNDIR=/run/knot + +mkdir --parents "$KNOT_RUNDIR"; + +KNOT_USER=$(sed -ne "s/#.*$//;s/.*user:[ \"]*\\([^\\:\"]*\\)[ \"]*/\\1/p;" $CONFFILE) + +if [ -n "$KNOT_USER" ]; then + if ! getent passwd $KNOT_USER >/dev/null; then + echo "Configured user '$KNOT_USER' doesn't exist." + exit 1 + fi + + KNOT_GROUP=$(sed -ne "s/#.*$//;s/.*user:[ \"]*[^\\:\"]*\\:\\([^\"]*\\)[ \"]*/\\1/p;" $CONFFILE) + if [ -z "$KNOT_GROUP" ]; then + KNOT_GROUP=$(getent group $(getent passwd "$KNOT_USER" | cut -f 4 -d :) | cut -f 1 -d :) + fi + + if ! getent group $KNOT_GROUP >/dev/null; then + echo "Configured group '$KNOT_GROUP' doesn't exist." + exit 1 + fi + chown --silent "$KNOT_USER:$KNOT_GROUP" "$KNOT_RUNDIR" + chmod 775 "$KNOT_RUNDIR" +fi + +: diff --git a/distro/pkg/deb/python3-libknot.install b/distro/pkg/deb/python3-libknot.install new file mode 100644 index 0000000..ce92dec --- /dev/null +++ b/distro/pkg/deb/python3-libknot.install 
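Review bot: In `prepare-environment`, `$CONFFILE`, `$KNOT_USER` and `$KNOT_GROUP` are expanded unquoted in the `[ ! -r $CONFFILE ]` test, in the `sed` calls and in the `getent passwd` / `getent group` checks, so a path or a parsed `user:` value that contains whitespace or glob characters is word-split before the check sees it. These values are parsed out of the configuration file and the script then runs `mkdir`, `chown` and `chmod 775` on the parsed run directory, so each check should test exactly the string that is used afterwards: `if [ ! -r "$CONFFILE" ]; then`, `if ! getent passwd "$KNOT_USER" >/dev/null; then`, `if ! getent group "$KNOT_GROUP" >/dev/null; then`. The same quoting applies to the `$CONFFILE` operand of the three `sed` commands. A one-line comment above `chmod 775` saying why the run directory is group-writable would also help the next reader.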
@@ -0,0 +1,2 @@
+usr/lib/python3*/dist-packages/libknot-*.egg-info
+usr/lib/python3*/dist-packages/libknot/*.py
diff --git a/distro/pkg/deb/rules b/distro/pkg/deb/rules
new file mode 100755
index 0000000..82cc34b
--- /dev/null
+++ b/distro/pkg/deb/rules
@@ -0,0 +1,101 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall -DNDEBUG
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+export DPKG_GENSYMBOLS_CHECK_LEVEL := 4
+export KNOT_SOFTHSM2_DSO = /usr/lib/softhsm/libsofthsm2.so
+
+include /usr/share/dpkg/default.mk
+
+ifeq (maint,$(filter $(DEB_BUILD_OPTIONS),maint))
+ FASTPARSER := --disable-fastparser
+else
+ FASTPARSER := --enable-fastparser
+endif
+
+ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),hurd-i386))
+ RECVMMSG:=--enable-recvmmsg=no
+else
+ RECVMMSG:=--enable-recvmmsg=yes
+endif
+
+ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),amd64 i386))
+ RUN_TEST :=
+else
+ RUN_TEST := -timeout --kill-after=5s 5m
+endif
+
+LIBKNOT_SYMBOLS := $(wildcard $(CURDIR)/debian/libknot*.symbols)
+
+# MAJOR.MINOR version part
+BASE_VERSION := $(shell echo $(DEB_VERSION) | sed 's/^\([^.]\+\.[^.]\+\).*/\1/')
+
+# pyproject is supported by knot but fails on second `pybuild --build`
+# invocation due to bug in dh-python's plugin_pyproject.py wheel unpack
+export PYBUILD_SYSTEM = distutils
+
+
+%:
+ dh $@ \
+ --exclude=.la --exclude=example.com.zone \
+ --with python3
+
+override_dh_auto_configure:
+ dh_auto_configure -- \
+ --sysconfdir=/etc \
+ --localstatedir=/var/lib \
+ --libexecdir=/usr/lib/knot \
+ --with-rundir=/run/knot \
+ --with-moduledir=/usr/lib/$(DEB_HOST_MULTIARCH)/knot/modules-$(BASE_VERSION) \
+ --with-storage=/var/lib/knot \
+ --enable-systemd=auto \
+ --enable-dnstap \
+ --with-module-dnstap=shared \
+ --with-module-geoip=shared \
+ $(RECVMMSG) \
+ $(FASTPARSER) \
+ --disable-silent-rules \
+ --enable-xdp=yes \
+ --enable-quic=yes \
+ --disable-static
+
+override_dh_auto_configure-indep:
+ pybuild --dir python/libknot --configure
+ pybuild --dir python/knot_exporter --configure
+
+override_dh_auto_build-indep:
+ dh_auto_build -- html
+ pybuild --dir python/libknot --build
+ pybuild --dir python/knot_exporter --build
+
+override_dh_auto_install-arch:
+ dh_auto_install -- install
+ # rename knot.sample.conf to knot.conf
+ mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf
+ @if grep -E -q "DoQ support: +no" "$(CURDIR)/debian/tmp/usr/sbin/knotd"; then \
+ echo "Stripping the QUIC symbols"; \
+ sed -i '/knot_quic_/d' $(LIBKNOT_SYMBOLS); \
+ fi
+
+override_dh_auto_install-indep:
+ dh_auto_install -- install-html
+ # rename knot.sample.conf to knot.conf
+ mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf
+ pybuild --dir python/libknot --install
+ pybuild --dir python/knot_exporter --install
+ rm -rf $(CURDIR)/debian/tmp/usr/lib/python*/dist-packages/libknot/__pycache__
+ rm -rf $(CURDIR)/debian/tmp/usr/lib/python*/dist-packages/knot_exporter/__pycache__
+
+override_dh_auto_test-indep:
+override_dh_auto_test-arch:
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+ $(RUN_TEST) dh_auto_test
+endif
+
+override_dh_missing:
+ dh_missing --fail-missing
+
+override_dh_installchangelogs:
+ dh_installchangelogs NEWS
diff --git a/distro/pkg/deb/source/format b/distro/pkg/deb/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/distro/pkg/deb/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/distro/pkg/deb/tests/authoritative-server b/distro/pkg/deb/tests/authoritative-server
new file mode 100755
index 0000000..028dfbf
--- /dev/null
+++ b/distro/pkg/deb/tests/authoritative-server
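Review bot: On every architecture other than amd64 and i386, `RUN_TEST := -timeout --kill-after=5s 5m` puts a leading `-` in front of the recipe line `$(RUN_TEST) dh_auto_test`, which tells make to ignore the exit status, so a failing or timed-out test suite does not fail the package build there. If that is intended, say so next to the assignment, for example `# leading '-' makes test failures non-fatal on these architectures`; if it is not, drop the `-` so that the status from `timeout` fails the build. In `override_dh_auto_install-arch`, `$(LIBKNOT_SYMBOLS)` comes from a `$(wildcard ...)` and is empty when nothing matches, which leaves `sed -i '/knot_quic_/d'` without a file operand; `$(if $(strip $(LIBKNOT_SYMBOLS)),,$(error no libknot symbols file found))` ahead of the recipe would report that case clearly.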
@@ -0,0 +1,150 @@ +#!/bin/bash + +# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# 2018-11-02 +# License: GPLv3+ + +# error on exit +set -e +# for handling jobspecs: +set -m + +if [ -z "$AUTOPKGTEST_ARTIFACTS" ]; then + d="$(mktemp -d)" + remove="$d" +else + d="$AUTOPKGTEST_ARTIFACTS" +fi +ip="${TESTIP:-127.$(( $RANDOM % 256 )).$(( $RANDOM % 256 )).$(( $RANDOM % 256 ))}" +port="${PORT:-8123}" +knotc="${KNOTC:-/usr/sbin/knotc}" +knotd="${KNOTD:-/usr/sbin/knotd}" +keymgr="${KEYMGR:-/usr/sbin/keymgr}" +kdig="${KDIG:-$(command -v kdig)}" +kzonecheck="${KZONECHECK:-$(command -v kzonecheck)}" +test_address="${TEST_ADDRESS:-192.0.2.199}" + +declare -a knot_conf="--config=$d/knot.conf" +declare -a knot_args=("$knot_conf" --verbose) + +printf "%s + %s roundtrip tests\n------------\n workdir: %s\n IP addr: %s\n knot args: %s\n" "$knotd" "$kdig" "$d" "$ip" "${knot_args[*]}" + +section() { + printf "\n%s\n" "$1" + sed 's/./-/g' <<<"$1" +} + +cleanup () { + section "cleaning up" + find "$d" -ls + "${knotc}" "${knot_args[@]}" stop + wait %1 + tail -n +1 -v "$d"/*.err + if [ "$remove" ]; then + printf "\ncleaning up working directory %s\n" "$remove" + rm -rf "$remove" + fi +} +trap cleanup EXIT + +section "set up config file and zonefile" + +user=$(id -nu) +group=$(id -ng) +cat > "$d/knot.conf" <<EOF +server: + rundir: "$d" + listen: $ip@$port + user: $user:$group +database: + storage: "$d" +template: + - id: default + storage: "$d" + file: "%s.zone" +zone: + - domain: example.net + dnssec-signing: on +EOF + +cat > "$d/example.net.zone" <<EOF +@ 1D IN SOA a.ns hostmaster 2018103100 3h 15m 1w 1d +@ 1D IN NS a.ns.example.net. +@ 1D IN NS b.ns.example.net. 
+a.ns 1D IN A 192.0.2.1 +b.ns 1D IN A 192.0.2.2 +test 1D IN A $test_address +EOF + +find "$d" -maxdepth 1 -type f -print0 | xargs -0 tail -n +1 -v + +mkdir -p "${d}" + +section "kzonecheck'ing zonefile" +"${kzonecheck}" -v "$d/example.net.zone" + +section "launching knot" +"${knotd}" "${knot_args[@]}" 2> "$d/knotd.err" & + +# FIXME: this is an annoying poll -- would be better if we could be +# alerted when the daemon is done setting up the socket, but i don't +# want to "--daemonize" if i can avoid it because i want the shell to +# remain in direct supervision of all its processes +tried=0 +while [ $tried -lt 10 ] ; do + if "${knotc}" "${knot_args[@]}" status 2>&1; then + break; + fi + sleep 0.5 + tried=$(( $tried + 1 )) +done +if [ $tried -ge 10 ]; then + printf "failed to use %s\n" "${knotc}" >&2 + exit 1 +fi + +section "querying knot" +"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net +answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)" +if ! [ "$answer" = "$test_address" ]; then + printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2 + exit 1 +fi +answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)" +if ! [ "$answer2" = "" ]; then + printf "test2.example.net gave unexpected answer!\n got: %s\n" "$answer2" >&2 + exit 1 +fi + +section "modifying zone" +printf "test2 1D IN A $test_address\n" >>"$d/example.net.zone" +sed -i 's/^@ 1D IN SOA.*/@ 1D IN SOA a.ns hostmaster 2018110100 3h 15m 1w 1d/' "$d/example.net.zone" +"${knotc}" "${knot_args[@]}" reload +sleep 1 + +section "querying again" +"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net +answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)" +if ! [ "$answer" = "$test_address" ]; then + printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2 + exit 1 +fi +answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)" +if ! 
[ "$answer2" = "$test_address" ]; then + printf "test2.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer2" >&2 + exit 1 +fi + +section "querying DNSSEC" +"${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec +if ! "${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec 2>&1 | grep -q "RRSIG[[:space:]]*DNSKEY"; then + printf "DNSSEC query not successful" >&2 + exit 1 +fi + +section "listing keys with keymgr" +"${keymgr}" "$knot_conf" -e example.net. list +if ! "${keymgr}" "$knot_conf" -e example.net. list 2>&1 | grep -q "ksk=yes"; then + printf "keymgr did not list KSK as expected" >&2 + exit 1 +fi diff --git a/distro/pkg/deb/tests/control b/distro/pkg/deb/tests/control new file mode 100644 index 0000000..e8b3dcb --- /dev/null +++ b/distro/pkg/deb/tests/control @@ -0,0 +1,13 @@ +Tests: kdig +Restrictions: skippable +Depends: + ca-certificates, + iputils-ping, + knot-dnsutils, + +Tests: authoritative-server +Depends: + findutils, + knot, + knot-dnsutils, + knot-dnssecutils, diff --git a/distro/pkg/deb/tests/kdig b/distro/pkg/deb/tests/kdig new file mode 100755 index 0000000..f1dbe5a --- /dev/null +++ b/distro/pkg/deb/tests/kdig @@ -0,0 +1,14 @@ +#!/bin/bash + +set -e + +# Skip the test if no internet access +ping -c1 1.1.1.1 2>&1 || exit 77 + +expected=198.41.0.4 +answer=$(kdig +short +tls-ca @1.1.1.1 -q a.root-servers.net. -t A 2>&1 || true) + +if [ "$answer" != "$expected" ]; then + printf "expected: %s\ngot: %s\n" "$expected" "$answer" >&2 + kdig -d +tls-ca @1.1.1.1 -q a.root-servers.net. -t A +fi diff --git a/distro/pkg/deb/ufw/knot b/distro/pkg/deb/ufw/knot new file mode 100644 index 0000000..ee36916 --- /dev/null +++ b/distro/pkg/deb/ufw/knot @@ -0,0 +1,4 @@ +[Knot] +title=Internet Domain Name Server +description=The Knot DNS implements an Internet domain name server. +ports=53 diff --git a/distro/pkg/deb/watch b/distro/pkg/deb/watch new file mode 100644 index 0000000..7cf9ea1 --- /dev/null +++ b/distro/pkg/deb/watch 
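Review bot: In `tests/authoritative-server`, `mkdir -p "${d}"` runs only after `cat > "$d/knot.conf"`, `cat > "$d/example.net.zone"` and the `find "$d"` listing have already used the directory. If `AUTOPKGTEST_ARTIFACTS` ever names a directory that does not exist yet, the script stops under `set -e` at the first redirection and the `mkdir` is never reached. Move `mkdir -p "$d"` to directly after the `if [ -z "$AUTOPKGTEST_ARTIFACTS" ]` block. In the "modifying zone" section, `printf "test2 1D IN A $test_address\n"` puts a variable into the format string; `printf 'test2 1D IN A %s\n' "$test_address"` keeps an overridden `TEST_ADDRESS` from being read as format directives.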
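Review bot: In `tests/kdig`, the mismatch branch prints the expected and received values and then runs `kdig -d ...` for diagnostics, but it never exits non-zero itself. The script's exit status is therefore whatever that last `kdig -d` returns, and a wrong answer can still be reported as a pass. Add `exit 1` as the last line inside the `if [ "$answer" != "$expected" ]` block. The capture `answer=$(kdig ... 2>&1 || true)` also folds stderr into the compared value, so any warning text fails the comparison for a reason unrelated to the resolved address; dropping `2>&1` there would keep the check on the answer alone.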
@@ -0,0 +1,4 @@ +version=4 +opts=uversionmangle=s/-((alpha|beta|rc)\d*)$/~$1/,pgpsigurlmangle=s/$/.asc/,dversionmangle=s/\+hotfix// \ +https://secure.nic.cz/files/knot-dns/ \ +(?:|.*/)knot(?:[_\-]v?|)(\d\S*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz) diff --git a/distro/pkg/el-7/01-revert-AC_PROG_CC.patch b/distro/pkg/el-7/01-revert-AC_PROG_CC.patch new file mode 100644 index 0000000..fb49c00 --- /dev/null +++ b/distro/pkg/el-7/01-revert-AC_PROG_CC.patch @@ -0,0 +1,18 @@ +From: Daniel Salzman <daniel.salzman@nic.cz> +Date: Sun, 20 Feb 2022 20:38:35 +0100 +Subject: [PATCH] Revert "configure: upgrade from AC_PROG_CC_C99 to AC_PROG_CC" + +diff --git a/configure.ac b/configure.ac +index 6506197ed..c7df7f815 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -38,7 +38,8 @@ release_date=$($SED -n 's/^Knot DNS .* (\(.*\))/\1/p;q;' ${srcdir}/NEWS) + AC_SUBST([RELEASE_DATE], $release_date) + + # Set compiler compatibility flags +-AC_PROG_CC ++AC_PROG_CC_C99 # AC_PROG_CC not supported by CentOS 7 ++AM_PROG_CC_C_O # Needed by CentOS 7 + AC_PROG_CPP_WERROR + + # Set default CFLAGS diff --git a/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch new file mode 100644 index 0000000..cbc5aa2 --- /dev/null +++ b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch 
@@ -0,0 +1,67 @@ +From: Daniel Salzman <daniel.salzman@nic.cz> +Date: Mon, 20 Mar 2023 14:57:54 +0100 +Subject: [PATCH] distro/el-7: fix compilation by using SHA-1 for PIN computation + +diff --git a/src/libknot/quic/quic.c b/src/libknot/quic/quic.c +index 5610865f6..555c495d9 100644 +--- a/src/libknot/quic/quic.c ++++ b/src/libknot/quic/quic.c +@@ -460,7 +460,7 @@ void knot_quic_conn_pin(knot_quic_conn_t *conn, uint8_t *pin, size_t *pin_size, + goto error; + } + +- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256, pin, pin_size); ++ ret = gnutls_x509_crt_get_key_id(cert, 0, pin, pin_size); + if (ret != GNUTLS_E_SUCCESS) { + gnutls_x509_crt_deinit(cert); + goto error; +diff --git a/src/utils/common/tls.c b/src/utils/common/tls.c +index 245dd3f96..6a2e7a986 100644 +--- a/src/utils/common/tls.c ++++ b/src/utils/common/tls.c +@@ -328,7 +328,7 @@ static int check_certificates(gnutls_session_t session, const list_t *pins) + + uint8_t cert_pin[CERT_PIN_LEN] = { 0 }; + size_t cert_pin_size = sizeof(cert_pin); +- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256, ++ ret = gnutls_x509_crt_get_key_id(cert, 0, + cert_pin, &cert_pin_size); + if (ret != 0) { + gnutls_x509_crt_deinit(cert); +@@ -336,18 +336,18 @@ static int check_certificates(gnutls_session_t session, const list_t *pins) + } + + // Check if correspond to a specified PIN. +- bool match = check_pin(cert_pin, sizeof(cert_pin), pins); ++ bool match = check_pin(cert_pin, cert_pin_size, pins); + if (match) { + matches++; + } + + uint8_t *txt_pin; +- ret = knot_base64_encode_alloc(cert_pin, sizeof(cert_pin), &txt_pin); ++ ret = knot_base64_encode_alloc(cert_pin, cert_pin_size, &txt_pin); + if (ret < 0) { + gnutls_x509_crt_deinit(cert); + return ret; + } +- DBG(" SHA-256 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : ""); ++ DBG(" SHA-1 PIN: %.*s%s", ret, txt_pin, match ? 
", MATCH" : ""); + free(txt_pin); + + gnutls_x509_crt_deinit(cert); +diff --git a/src/utils/kdig/kdig_params.c b/src/utils/kdig/kdig_params.c +index 359b8b596..8fd33b011 100644 +--- a/src/utils/kdig/kdig_params.c ++++ b/src/utils/kdig/kdig_params.c +@@ -707,8 +707,8 @@ static int opt_tls_pin(const char *arg, void *query) + if (ret < 0) { + ERR("invalid +tls-pin=%s", arg); + return ret; +- } else if (ret != CERT_PIN_LEN) { // Check for 256-bit value. +- ERR("invalid sha256 hash length +tls-pin=%s", arg); ++ } else if (ret != 20) { // Check for 256-bit value. ++ ERR("invalid sha1 hash length +tls-pin=%s", arg); + return KNOT_EINVAL; + } + diff --git a/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch b/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch new file mode 100644 index 0000000..8ef7e7e --- /dev/null +++ b/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch @@ -0,0 +1,25 @@ +From c05abb0401d3343b96ced4a6cdd724ee04adfe1b Mon Sep 17 00:00:00 2001 +From: Daniel Salzman <daniel.salzman@nic.cz> +Date: Mon, 21 Aug 2023 16:54:46 +0200 +Subject: [PATCH] doc: don't try to import sphinx_panels on CentOS 7 + + + 1 file changed, 3 deletions(-) + +diff --git a/doc/conf.py b/doc/conf.py +index fc2e94d96..515241051 100644 +--- a/doc/conf.py ++++ b/doc/conf.py +@@ -27,9 +27,6 @@ sys.path.insert(0, os.path.abspath('ext')) + + # Add any Sphinx extension module names here, as strings. They can be extensions + # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. +-import importlib.util +-if importlib.util.find_spec("sphinx_panels"): +- extensions = [ 'sphinx_panels' ] + + # Add any paths that contain templates here, relative to this directory. + templates_path = ['_templates'] +-- +2.25.1 + diff --git a/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch b/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch new file mode 100644 index 0000000..a13be90 --- /dev/null 
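Review bot: In the embedded `opt_tls_pin` hunk the length check becomes `ret != 20` but keeps the comment `// Check for 256-bit value.`, and `20` is a bare literal while the buffers in `check_certificates` are still sized by `CERT_PIN_LEN`. Passing `0` instead of `GNUTLS_KEYID_USE_SHA256` to `gnutls_x509_crt_get_key_id` selects the SHA-1 key ID, in `knot_quic_conn_pin` as well, so EL7 builds produce and accept 160-bit pins that will not match SHA-256 pins created for other builds of the same version. I would name the length and correct the comment, e.g. `} else if (ret != CERT_PIN_SHA1_LEN) { // Check for 160-bit (SHA-1) value.` with a new `#define CERT_PIN_SHA1_LEN 20` (the name is a suggestion). The patch description should also state that EL7 packages use SHA-1 pins and why, presumably because the GnuTLS shipped there lacks `GNUTLS_KEYID_USE_SHA256`, so operators do not carry pins across platforms without noticing.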
+++ b/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch 
@@ -0,0 +1,166 @@ +From 1bad8f831a9fd506516549ac7461f97c689a0c46 Mon Sep 17 00:00:00 2001 +From: Daniel Salzman <daniel.salzman@nic.cz> +Date: Mon, 11 Dec 2023 17:08:23 +0100 +Subject: [PATCH] Revert "zone-sign: don't share PKCS 11 private keys by + multiple signing threads" + +This reverts commit 7d63e8e0825e03b8e0608e87b86968c452755c93. +--- + src/knot/dnssec/zone-keys.c | 38 +++---------------------------------- + src/libdnssec/key.h | 4 ++-- + src/libdnssec/key/key.c | 24 +---------------------- + tests/libdnssec/test_key.c | 4 ++-- + 4 files changed, 8 insertions(+), 62 deletions(-) + +diff --git a/src/knot/dnssec/zone-keys.c b/src/knot/dnssec/zone-keys.c +index cd6bf0bb3..d5cccc759 100644 +--- a/src/knot/dnssec/zone-keys.c ++++ b/src/knot/dnssec/zone-keys.c +@@ -1,4 +1,4 @@ +-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> ++/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -642,21 +642,6 @@ int zone_key_calculate_ds(zone_key_t *for_key, dnssec_key_digest_t digesttype, + return ret; + } + +-static int dup_zone_key(const zone_key_t *src, zone_key_t *dst) +-{ +- assert(src); +- assert(dst); +- +- *dst = *src; +- +- dst->key = dnssec_key_dup(src->key); +- if (dst->key == NULL) { +- return KNOT_ENOMEM; +- } +- +- return KNOT_EOK; +-} +- + zone_sign_ctx_t *zone_sign_ctx(const zone_keyset_t *keyset, const kdnssec_ctx_t *dnssec_ctx) + { + zone_sign_ctx_t *ctx = calloc(1, sizeof(*ctx) + keyset->count * sizeof(*ctx->sign_ctxs)); +@@ -665,24 +650,11 @@ zone_sign_ctx_t *zone_sign_ctx(const zone_keyset_t *keyset, const kdnssec_ctx_t + } + + ctx->sign_ctxs = (dnssec_sign_ctx_t **)(ctx + 1); +- +- ctx->keys = calloc(keyset->count, sizeof(*ctx->keys)); +- if (ctx->keys == NULL) { +- zone_sign_ctx_free(ctx); +- return NULL; +- } + ctx->count = keyset->count; +- ++ ctx->keys = keyset->keys; + 
ctx->dnssec_ctx = dnssec_ctx; + for (size_t i = 0; i < ctx->count; i++) { +- // Clone the key to avoid thread contention on the key mutex. +- int ret = dup_zone_key(&keyset->keys[i], &ctx->keys[i]); +- if (ret != KNOT_EOK) { +- zone_sign_ctx_free(ctx); +- return NULL; +- } +- +- ret = dnssec_sign_new(&ctx->sign_ctxs[i], ctx->keys[i].key); ++ int ret = dnssec_sign_new(&ctx->sign_ctxs[i], ctx->keys[i].key); + if (ret != DNSSEC_EOK) { + zone_sign_ctx_free(ctx); + return NULL; +@@ -719,12 +691,8 @@ void zone_sign_ctx_free(zone_sign_ctx_t *ctx) + { + if (ctx != NULL) { + for (size_t i = 0; i < ctx->count; i++) { +- if (ctx->keys != NULL) { +- dnssec_key_free(ctx->keys[i].key); +- } + dnssec_sign_free(ctx->sign_ctxs[i]); + } +- free(ctx->keys); + free(ctx); + } + } +diff --git a/src/libdnssec/key.h b/src/libdnssec/key.h +index aa8002b4a..2a69d377f 100644 +--- a/src/libdnssec/key.h ++++ b/src/libdnssec/key.h +@@ -1,4 +1,4 @@ +-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> ++/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -134,7 +134,7 @@ void dnssec_key_free(dnssec_key_t *key); + /*! + * Create a copy of a DNSSEC key. + * +- * Public key isn't duplicated. ++ * Only a public part of the key is copied. + */ + dnssec_key_t *dnssec_key_dup(const dnssec_key_t *key); + +diff --git a/src/libdnssec/key/key.c b/src/libdnssec/key/key.c +index 4574bbefb..f36316712 100644 +--- a/src/libdnssec/key/key.c ++++ b/src/libdnssec/key/key.c +@@ -1,4 +1,4 @@ +-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> ++/* Copyright (C) 2019 CZ.NIC, z.s.p.o. 
<knot-dns@labs.nic.cz> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -141,28 +141,6 @@ dnssec_key_t *dnssec_key_dup(const dnssec_key_t *key) + return NULL; + } + +- if (key->private_key != NULL) { +- gnutls_privkey_init(&dup->private_key); +- +- gnutls_privkey_type_t type = gnutls_privkey_get_type(key->private_key); +- if (type == GNUTLS_PRIVKEY_PKCS11) { +-#ifdef ENABLE_PKCS11 +- gnutls_pkcs11_privkey_t tmp; +- gnutls_privkey_export_pkcs11(key->private_key, &tmp); +- gnutls_privkey_import_pkcs11(dup->private_key, tmp, +- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); +-#else +- assert(0); +-#endif // ENABLE_PKCS11 +- } else { +- assert(type == GNUTLS_PRIVKEY_X509); +- gnutls_x509_privkey_t tmp; +- gnutls_privkey_export_x509(key->private_key, &tmp); +- gnutls_privkey_import_x509(dup->private_key, tmp, +- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); +- } +- } +- + return dup; + } + +diff --git a/tests/libdnssec/test_key.c b/tests/libdnssec/test_key.c +index c3643f08c..cd0aaee0e 100644 +--- a/tests/libdnssec/test_key.c ++++ b/tests/libdnssec/test_key.c +@@ -1,4 +1,4 @@ +-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> ++/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -148,7 +148,7 @@ static void test_private_key(const key_parameters_t *params) + + check_key_tag(copy, params); + check_key_size(copy, params); +- check_usage(copy, true, true); ++ check_usage(copy, true, false); + + dnssec_key_free(copy); + dnssec_key_free(key); +-- +2.34.1 + diff --git a/distro/pkg/el-7/knot.service b/distro/pkg/el-7/knot.service new file mode 100644 index 0000000..a872929 --- /dev/null +++ b/distro/pkg/el-7/knot.service 
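Review bot: The description of this embedded patch only says "This reverts commit 7d63e8e0825e03b8e0608e87b86968c452755c93." and does not say why the EL7 package needs the revert or what it gives up. The removed code cloned each key "to avoid thread contention on the key mutex". With `ctx->keys = keyset->keys;` every signing context borrows the keyset's key objects again and `zone_sign_ctx_free` no longer frees them, so the keyset has to outlive every context created from it. Please add a sentence naming the reason (for instance a GnuTLS function missing on EL7, if that is the cause) and the consequence for PKCS #11 signing with several threads, so packagers can judge whether this build suits HSM-backed zones.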
@@ -0,0 +1,25 @@
+[Unit]
+Description=Knot DNS server
+Wants=network-online.target
+After=network-online.target
+Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
+
+[Service]
+Type=notify
+User=knot
+Group=knot
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
+ExecStartPre=/usr/sbin/knotc conf-check
+ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-abort
+LimitNOFILE=1048576
+TimeoutStopSec=300
+# Extend the systemd startup timeout by this value (seconds) for each zone
+Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
+# Maximum size (MiB) of a configuration database
+Environment="KNOT_CONF_MAX_SIZE=512"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/pkg/el-7/knot.spec b/distro/pkg/el-7/knot.spec
new file mode 100644
index 0000000..93d05bb
--- /dev/null
+++ b/distro/pkg/el-7/knot.spec
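Review bot: The `[Service]` section of `knot.service` runs knotd as `User=knot` with a bounded capability set but sets none of systemd's sandboxing options, so the daemon keeps an unrestricted view of the file system and of the shared `/tmp`. Consider adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectHome=yes` after the `AmbientCapabilities=` line, once checked against the systemd version shipped with EL7 and the paths knotd writes to. `ExecStartPre=/usr/sbin/knotc conf-check` also runs without the `-m "$KNOT_CONF_MAX_SIZE"` limit that `ExecStart` passes; that may be intentional, but a comment would make it clear.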
@@ -0,0 +1,333 @@ +%global _hardened_build 1 +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}} + +%define GPG_CHECK 0 +%define BASE_VERSION %(echo "%{version}" | sed 's/^\\([^.]\\+\\.[^.]\\+\\).*/\\1/') +%define repodir %{_builddir}/%{name}-%{version} + +Summary: High-performance authoritative DNS server +Name: knot +Version: {{ version }} +Release: cznic.{{ release }}%{?dist} +License: GPL-3.0-or-later +URL: https://www.knot-dns.cz +Source0: %{name}-%{version}.tar.xz + +%if 0%{?GPG_CHECK} +Source1: https://secure.nic.cz/files/knot-dns/%{name}-%{version}.tar.xz.asc +# PGP keys used to sign upstream releases +# Export with --armor using command from https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures +# Don't forget to update %%prep section when adding/removing keys +Source100: gpgkey-742FA4E95829B6C5EAC6B85710BB7AF6FEBBD6AB.gpg.asc +BuildRequires: gnupg2 +%endif + +Patch1: 01-revert-AC_PROG_CC.patch +Patch2: 02-fix-compilation-by-using-SHA-1.patch +Patch3: 03-doc-don-t-try-to-import-sphinx_panels.patch +Patch4: 04-revert-don-t-share-PKCS-11-private-keys.patch + +# Required dependencies +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: devtoolset-11-make +BuildRequires: devtoolset-11-gcc +BuildRequires: pkgconfig(liburcu) +BuildRequires: pkgconfig(gnutls) >= 3.3 +BuildRequires: pkgconfig(libedit) + +# Optional dependencies +BuildRequires: pkgconfig(libcap-ng) +BuildRequires: pkgconfig(libidn2) +BuildRequires: pkgconfig(libmnl) +BuildRequires: pkgconfig(libnghttp2) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(systemd) +# dnstap dependencies +BuildRequires: pkgconfig(libfstrm) +BuildRequires: pkgconfig(libprotobuf-c) +# geoip dependencies +BuildRequires: pkgconfig(libmaxminddb) + +# Distro-dependent dependencies +%if 0%{?suse_version} +BuildRequires: python3-Sphinx +BuildRequires: lmdb-devel +BuildRequires: protobuf-c +Requires(pre): pwdutils +%endif +%if 0%{?rhel} && 0%{?rhel} <= 7 
+BuildRequires: python-sphinx +BuildRequires: lmdb-devel +%endif +%if 0%{?fedora} || 0%{?rhel} > 7 +BuildRequires: python3-sphinx +BuildRequires: pkgconfig(lmdb) +%endif + +# disable XDP on old EL +%define configure_xdp --enable-xdp=no + +Requires(post): systemd %{_sbindir}/runuser +Requires(preun): systemd +Requires(postun): systemd + +Conflicts: knot-resolver < 5.7.0 + +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description +Knot DNS is a high-performance authoritative DNS server implementation. + +%package libs +Summary: Libraries used by the Knot DNS server and client applications + +%description libs +The package contains shared libraries used by the Knot DNS server and +utilities. + +%package devel +Summary: Development header files for the Knot DNS libraries +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description devel +The package contains development header files for the Knot DNS libraries +included in knot-libs package. + +%package utils +Summary: DNS client utilities shipped with the Knot DNS server +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +# Debian package compat +Provides: %{name}-dnsutils = %{version}-%{release} + +%description utils +The package contains DNS client utilities shipped with the Knot DNS server. + +%package dnssecutils +Summary: DNSSEC tools shipped with the Knot DNS server +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description dnssecutils +The package contains DNSSEC tools shipped with the Knot DNS server. + +%package module-dnstap +Summary: dnstap module for Knot DNS +Requires: %{name} = %{version}-%{release} + +%description module-dnstap +The package contains dnstap Knot DNS module for logging DNS traffic. + +%package module-geoip +Summary: geoip module for Knot DNS +Requires: %{name} = %{version}-%{release} + +%description module-geoip +The package contains geoip Knot DNS module for geography-based responses. 
+ +%package doc +Summary: Documentation for the Knot DNS server +BuildArch: noarch +Provides: bundled(jquery) + +%description doc +The package contains documentation for the Knot DNS server. +On-line version is available on https://www.knot-dns.cz/documentation/ + +%prep +%if 0%{?GPG_CHECK} +export GNUPGHOME=./gpg-keyring +[ -d ${GNUPGHOME} ] && rm -r ${GNUPGHOME} +mkdir --mode=700 ${GNUPGHOME} +gpg2 --import %{SOURCE100} +gpg2 --verify %{SOURCE1} %{SOURCE0} +%endif +%autosetup -p1 + +%build +# disable debug code (causes unused warnings) +CFLAGS="%{optflags} -DNDEBUG -Wno-unused" + +%ifarch armv7hl i686 +# 32-bit architectures sometimes do not have sufficient amount of +# contiguous address space to handle default values +%define configure_db_sizes --with-conf-mapsize=64 +%endif + +autoreconf -if + +export CC="/opt/rh/devtoolset-11/root/usr/bin/gcc" +%configure \ + --sysconfdir=/etc \ + --localstatedir=/var/lib \ + --libexecdir=/usr/lib/knot \ + --with-rundir=/run/knot \ + --with-moduledir=%{_libdir}/knot/modules-%{BASE_VERSION} \ + --with-storage=/var/lib/knot \ + %{?configure_db_sizes} \ + %{?configure_xdp} \ + --disable-static \ + --enable-dnstap=yes \ + --with-module-dnstap=shared \ + --with-module-geoip=shared +make %{?_smp_mflags} +make html + +%install +make install DESTDIR=%{buildroot} + +# install documentation +install -d -m 0755 %{buildroot}%{_pkgdocdir}/samples +install -p -m 0644 -t %{buildroot}%{_pkgdocdir}/samples samples/*.zone* +install -p -m 0644 NEWS README.md %{buildroot}%{_pkgdocdir} +cp -av doc/_build/html %{buildroot}%{_pkgdocdir} +[ -r %{buildroot}%{_pkgdocdir}/html/index.html ] || exit 1 +rm -f %{buildroot}%{_pkgdocdir}/html/.buildinfo + +# install daemon and dbus configuration files +rm %{buildroot}%{_sysconfdir}/%{name}/* +install -p -m 0644 -D %{repodir}/samples/%{name}.sample.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf +%if 0%{?fedora} || 0%{?rhel} > 7 +install -p -m 0644 -D %{repodir}/distro/common/cz.nic.knotd.conf 
%{buildroot}%{_sysconfdir}/dbus-1/system.d/cz.nic.knotd.conf +%endif + +# install systemd files +install -p -m 0644 -D %{repodir}/distro/pkg/el-7/%{name}.service %{buildroot}%{_unitdir}/%{name}.service +install -p -m 0644 -D %{repodir}/distro/pkg/el-7/%{name}.tmpfiles %{buildroot}%{_tmpfilesdir}/%{name}.conf +%if 0%{?suse_version} +ln -s service %{buildroot}/%{_sbindir}/rcknot +%endif + +# create storage dir +install -d %{buildroot}%{_sharedstatedir} +install -d -m 0770 -D %{buildroot}%{_sharedstatedir}/knot + +# remove libarchive files +find %{buildroot} -type f -name "*.la" -delete -print + +%check +V=1 make check + +%pre +getent group knot >/dev/null || groupadd -r knot +getent passwd knot >/dev/null || \ + useradd -r -g knot -d %{_sharedstatedir}/knot -s /sbin/nologin \ + -c "Knot DNS server" knot +%if 0%{?suse_version} +%service_add_pre knot.service +%endif + +%post +systemd-tmpfiles --create %{_tmpfilesdir}/knot.conf &>/dev/null || : +%if 0%{?suse_version} +%service_add_post knot.service +%else +%systemd_post knot.service +%endif + +%preun +%if 0%{?suse_version} +%service_del_preun knot.service +%else +%systemd_preun knot.service +%endif + +%postun +%if 0%{?suse_version} +%service_del_postun knot.service +%else +%systemd_postun_with_restart knot.service +%endif + +%if 0%{?fedora} || 0%{?rhel} > 7 +# https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets +%else +%post libs -p /sbin/ldconfig +%postun libs -p /sbin/ldconfig +%endif + +%files +%license COPYING +%doc %{_pkgdocdir} +%exclude %{_pkgdocdir}/html +%attr(770,root,knot) %dir %{_sysconfdir}/knot +%config(noreplace) %attr(640,root,knot) %{_sysconfdir}/knot/knot.conf +%if 0%{?fedora} || 0%{?rhel} > 7 +%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/cz.nic.knotd.conf +%endif +%attr(770,root,knot) %dir %{_sharedstatedir}/knot +%dir %{_libdir}/knot +%dir %{_libdir}/knot/modules-* +%{_unitdir}/knot.service +%{_tmpfilesdir}/knot.conf +%{_sbindir}/kcatalogprint 
+%{_sbindir}/kjournalprint +%{_sbindir}/keymgr +%{_sbindir}/knotc +%{_sbindir}/knotd +%if 0%{?suse_version} +%{_sbindir}/rcknot +%endif +%{_mandir}/man5/knot.conf.* +%{_mandir}/man8/kcatalogprint.* +%{_mandir}/man8/kjournalprint.* +%{_mandir}/man8/keymgr.* +%{_mandir}/man8/knotc.* +%{_mandir}/man8/knotd.* +%ghost %attr(770,root,knot) %dir %{_rundir}/knot + +%files utils +%{_bindir}/kdig +%{_bindir}/khost +%{_bindir}/knsupdate +%if 0%{?use_xdp} +%{_sbindir}/kxdpgun +%{_mandir}/man8/kxdpgun.* +%endif +%{_mandir}/man1/kdig.* +%{_mandir}/man1/khost.* +%{_mandir}/man1/knsupdate.* + +%files dnssecutils +%{_bindir}/knsec3hash +%{_bindir}/kzonecheck +%{_bindir}/kzonesign +%{_mandir}/man1/knsec3hash.* +%{_mandir}/man1/kzonecheck.* +%{_mandir}/man1/kzonesign.* + +%files module-dnstap +%{_libdir}/knot/modules-*/dnstap.so + +%files module-geoip +%{_libdir}/knot/modules-*/geoip.so + +%files libs +%license COPYING +%doc NEWS +%doc README.md +%{_libdir}/libdnssec.so.* +%{_libdir}/libknot.so.* +%{_libdir}/libzscanner.so.* + +%files devel +%{_includedir}/libdnssec +%{_includedir}/knot +%{_includedir}/libknot +%{_includedir}/libzscanner +%{_libdir}/libdnssec.so +%{_libdir}/libknot.so +%{_libdir}/libzscanner.so +%{_libdir}/pkgconfig/knotd.pc +%{_libdir}/pkgconfig/libdnssec.pc +%{_libdir}/pkgconfig/libknot.pc +%{_libdir}/pkgconfig/libzscanner.pc + +%files doc +%dir %{_pkgdocdir} +%doc %{_pkgdocdir}/html + +%changelog +* {{ now }} Jakub Ružička <jakub.ruzicka@nic.cz> - {{ version }}-{{ release }} +- upstream package +- see https://www.knot-dns.cz diff --git a/distro/pkg/el-7/knot.tmpfiles b/distro/pkg/el-7/knot.tmpfiles new file mode 100644 index 0000000..edec729 --- /dev/null +++ b/distro/pkg/el-7/knot.tmpfiles @@ -0,0 +1,3 @@ +# tmpfiles.d(5) runtime directory for knot +#Type Path Mode UID GID Age Argument + d /run/knot 0755 knot knot - - diff --git a/distro/pkg/nix/default.nix b/distro/pkg/nix/default.nix new file mode 100644 index 0000000..eca1698 --- /dev/null 
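Review bot: `%attr(770,root,knot) %dir %{_sysconfdir}/knot` in `%files` of the el-7 spec makes the configuration directory writable by the `knot` group, which is the group the daemon runs as, so the service account can rename or replace `knot.conf` even though the file itself is installed as 640 root:knot. The generic distro/pkg/rpm/knot.spec added in the same commit uses `%attr(750,root,knot)` for this directory; unless knotd on EL7 has to write there, use the same mode here. If the write access is deliberate, a comment above the line should say what the daemon writes into /etc/knot. The `%ghost %attr(770,root,knot) %dir %{_rundir}/knot` entry also disagrees with el-7/knot.tmpfiles, which creates /run/knot as 0755 knot:knot.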
+++ b/distro/pkg/nix/default.nix 
@@ -0,0 +1,86 @@ +{ lib, stdenv, fetchurl, pkg-config, gnutls, liburcu, lmdb, libcap_ng, libidn2, libunistring +, systemd, nettle, libedit, zlib, libiconv, libintl, libmaxminddb, libbpf, nghttp2, libmnl +, ngtcp2-gnutls, xdp-tools +, autoreconfHook +, nixosTests, knot-resolver, knot-dns, runCommandLocal +}: + +stdenv.mkDerivation rec { + pname = "knot-dns"; + version = "{{ version }}"; + + src = fetchurl { + url = "https://secure.nic.cz/files/knot-dns/knot-${version}.tar.xz"; + sha256 = "{{ src_hash }}"; + }; + + outputs = [ "bin" "out" "dev" ]; + + configureFlags = [ + "--with-configdir=/etc/knot" + "--with-rundir=/run/knot" + "--with-storage=/var/lib/knot" + ]; + + patches = [ + # Don't try to create directories like /var/lib/knot at build time. + # They are later created from NixOS itself. + ./dont-create-run-time-dirs.patch + ./runtime-deps.patch + ]; + + nativeBuildInputs = [ pkg-config autoreconfHook ]; + buildInputs = [ + gnutls liburcu libidn2 libunistring + nettle libedit + libiconv lmdb libintl + nghttp2 # DoH support in kdig + ngtcp2-gnutls # DoQ support in kdig (and elsewhere but not much use there yet) + libmaxminddb # optional for geoip module (it's tiny) + # without sphinx &al. for developer documentation + # TODO: add dnstap support? + ] ++ lib.optionals stdenv.isLinux [ + libcap_ng systemd + xdp-tools libbpf libmnl # XDP support (it's Linux kernel API) + ] ++ lib.optional stdenv.isDarwin zlib; # perhaps due to gnutls + + enableParallelBuilding = true; + + CFLAGS = [ "-O2" "-DNDEBUG" ]; + + doCheck = true; + checkFlags = [ "V=1" ]; # verbose output in case some test fails + doInstallCheck = true; + + postInstall = '' + rm -r "$out"/lib/*.la + ''; + + passthru.tests = { + inherit knot-resolver; + } // lib.optionalAttrs stdenv.isLinux { + inherit (nixosTests) knot kea; + # Some dependencies are very version-sensitive, so the might get dropped + # or embedded after some update, even if the nixPackagers didn't intend to. 
+ # For non-linux I don't know a good replacement for `ldd`. + deps = runCommandLocal "knot-deps-test" + { nativeBuildInputs = [ (lib.getBin stdenv.cc.libc) ]; } + '' + for libname in libngtcp2 libxdp libbpf; do + echo "Checking for $libname:" + ldd '${knot-dns.bin}/bin/knotd' | grep -F "$libname" + echo "OK" + done + touch "$out" + ''; + }; + + meta = with lib; { + description = "Authoritative-only DNS server from .cz domain registry"; + homepage = "https://knot-dns.cz"; + license = licenses.gpl3Plus; + platforms = platforms.unix; + maintainers = [ maintainers.vcunat ]; + mainProgram = "knotd"; + }; +} diff --git a/distro/pkg/nix/dont-create-run-time-dirs.patch b/distro/pkg/nix/dont-create-run-time-dirs.patch new file mode 100644 index 0000000..9fe165e --- /dev/null +++ b/distro/pkg/nix/dont-create-run-time-dirs.patch @@ -0,0 +1,32 @@ +diff --git a/samples/Makefile.am b/samples/Makefile.am +index c253c91..107401d 100644 +--- a/samples/Makefile.am ++++ b/samples/Makefile.am +@@ -19,11 +19,6 @@ EXTRA_DIST = knot.sample.conf.in example.com.zone + + if HAVE_DAEMON + +-install-data-local: knot.sample.conf +- if [ \! -f $(DESTDIR)/$(config_dir)/knot.sample.conf ]; then \ +- $(INSTALL) -d $(DESTDIR)/$(config_dir); \ +- $(INSTALL_DATA) knot.sample.conf $(srcdir)/example.com.zone $(DESTDIR)/$(config_dir); \ +- fi + uninstall-local: + -rm -rf $(DESTDIR)/$(config_dir)/knot.sample.conf \ + $(DESTDIR)/$(config_dir)/example.com.zone +diff --git a/src/utils/Makefile.inc b/src/utils/Makefile.inc +index e6765d9..d859d23 100644 +--- a/src/utils/Makefile.inc ++++ b/src/utils/Makefile.inc +@@ -79,11 +79,6 @@ endif HAVE_DNSTAP + endif HAVE_UTILS + + if HAVE_DAEMON +-# Create storage and run-time directories +-install-data-hook: +- $(INSTALL) -d $(DESTDIR)/@config_dir@ +- $(INSTALL) -d $(DESTDIR)/@run_dir@ +- $(INSTALL) -d $(DESTDIR)/@storage_dir@ + + sbin_PROGRAMS = knotc knotd + 
diff --git a/distro/pkg/nix/runtime-deps.patch b/distro/pkg/nix/runtime-deps.patch new file mode 100644 index 0000000..19fc9cd --- /dev/null +++ b/distro/pkg/nix/runtime-deps.patch @@ -0,0 +1,14 @@ +Remove unnecessary runtime dependencies. + +`knotc status configure` shows summary from the configure script, +but that contains also references like include paths. +Filter these at least in a crude way (whole lines). +--- a/configure.ac ++++ b/configure.ac +@@ -766,5 +766,5 @@ result_msg_base=" Knot DNS $VERSION + +-result_msg_esc=$(echo -n "$result_msg_base" | sed '$!s/$/\\n/' | tr -d '\n') ++result_msg_esc=$(echo -n "$result_msg_base" | grep -Fv "$NIX_STORE" | sed '$!s/$/\\n/' | tr -d '\n') + + AC_DEFINE_UNQUOTED([CONFIGURE_SUMMARY],["$result_msg_esc"],[Configure summary]) + diff --git a/distro/pkg/nix/top-level.nix b/distro/pkg/nix/top-level.nix new file mode 100644 index 0000000..303923c --- /dev/null +++ b/distro/pkg/nix/top-level.nix @@ -0,0 +1,8 @@ + +with import <nixpkgs> {}; + +(callPackage ./. { +}).overrideAttrs (attrs: { + src = ./knot-{{ version }}.tar.xz; +}) + diff --git a/distro/pkg/rpm/knot.spec b/distro/pkg/rpm/knot.spec new file mode 100644 index 0000000..a5c1384 --- /dev/null +++ b/distro/pkg/rpm/knot.spec 
@@ -0,0 +1,324 @@ +%global _hardened_build 1 +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}} + +%define GPG_CHECK 0 +%define BASE_VERSION %(echo "%{version}" | sed 's/^\\([^.]\\+\\.[^.]\\+\\).*/\\1/') +%define repodir %{_builddir}/%{name}-%{version} + +Summary: High-performance authoritative DNS server +Name: knot +Version: {{ version }} +Release: cznic.{{ release }}%{?dist} +License: GPL-3.0-or-later +URL: https://www.knot-dns.cz +Source0: %{name}-%{version}.tar.xz + +%if 0%{?GPG_CHECK} +Source1: https://secure.nic.cz/files/knot-dns/%{name}-%{version}.tar.xz.asc +# PGP keys used to sign upstream releases +# Export with --armor using command from https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures +# Don't forget to update %%prep section when adding/removing keys +Source100: gpgkey-742FA4E95829B6C5EAC6B85710BB7AF6FEBBD6AB.gpg.asc +BuildRequires: gnupg2 +%endif + +# Required dependencies +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: make +BuildRequires: gcc +BuildRequires: pkgconfig(liburcu) +BuildRequires: pkgconfig(gnutls) +BuildRequires: pkgconfig(libedit) + +# Optional dependencies +BuildRequires: pkgconfig(libcap-ng) +BuildRequires: pkgconfig(libidn2) +BuildRequires: pkgconfig(libmnl) +BuildRequires: pkgconfig(libnghttp2) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(systemd) +# dnstap dependencies +BuildRequires: pkgconfig(libfstrm) +BuildRequires: pkgconfig(libprotobuf-c) +# geoip dependencies +BuildRequires: pkgconfig(libmaxminddb) +# XDP dependencies +BuildRequires: pkgconfig(libbpf) + +# Distro-dependent dependencies +%if 0%{?suse_version} +BuildRequires: python3-Sphinx +BuildRequires: lmdb-devel +BuildRequires: protobuf-c +Requires(pre): pwdutils +%if 0%{?sle_version} != 150400 +BuildRequires: pkgconfig(libxdp) +%endif +%endif +%if 0%{?fedora} || 0%{?rhel} +BuildRequires: python3-sphinx +BuildRequires: pkgconfig(lmdb) +%if 0%{?fedora} || 0%{?rhel} >= 9 +BuildRequires: 
pkgconfig(libxdp) +%endif +%endif + +%if 0%{?rhel} >= 9 || 0%{?suse_version} || 0%{?fedora} +%define configure_quic --enable-quic=yes +%endif + +Requires(post): systemd %{_sbindir}/runuser +Requires(preun): systemd +Requires(postun): systemd + +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description +Knot DNS is a high-performance authoritative DNS server implementation. + +%package libs +Summary: Libraries used by the Knot DNS server and client applications +Conflicts: knot-resolver < 5.7.0 + +%description libs +The package contains shared libraries used by the Knot DNS server and +utilities. + +%package devel +Summary: Development header files for the Knot DNS libraries +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description devel +The package contains development header files for the Knot DNS libraries +included in knot-libs package. + +%package utils +Summary: DNS client utilities shipped with the Knot DNS server +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +# Debian package compat +Provides: %{name}-dnsutils = %{version}-%{release} + +%description utils +The package contains DNS client utilities shipped with the Knot DNS server. + +%package dnssecutils +Summary: DNSSEC tools shipped with the Knot DNS server +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description dnssecutils +The package contains DNSSEC tools shipped with the Knot DNS server. + +%package module-dnstap +Summary: dnstap module for Knot DNS +Requires: %{name} = %{version}-%{release} + +%description module-dnstap +The package contains dnstap Knot DNS module for logging DNS traffic. + +%package module-geoip +Summary: geoip module for Knot DNS +Requires: %{name} = %{version}-%{release} + +%description module-geoip +The package contains geoip Knot DNS module for geography-based responses. 
+ +%package doc +Summary: Documentation for the Knot DNS server +BuildArch: noarch +Provides: bundled(jquery) + +%description doc +The package contains documentation for the Knot DNS server. +On-line version is available on https://www.knot-dns.cz/documentation/ + +%prep +%if 0%{?GPG_CHECK} +export GNUPGHOME=./gpg-keyring +[ -d ${GNUPGHOME} ] && rm -r ${GNUPGHOME} +mkdir --mode=700 ${GNUPGHOME} +gpg2 --import %{SOURCE100} +gpg2 --verify %{SOURCE1} %{SOURCE0} +%endif +%autosetup -p1 + +%build +# disable debug code (causes unused warnings) +CFLAGS="%{optflags} -DNDEBUG -Wno-unused" + +%ifarch armv7hl i686 +# 32-bit architectures sometimes do not have sufficient amount of +# contiguous address space to handle default values +%define configure_db_sizes --with-conf-mapsize=64 +%endif + +%configure \ + --sysconfdir=/etc \ + --localstatedir=/var/lib \ + --libexecdir=/usr/lib/knot \ + --with-rundir=/run/knot \ + --with-moduledir=%{_libdir}/knot/modules-%{BASE_VERSION} \ + --with-storage=/var/lib/knot \ + %{?configure_db_sizes} \ + %{?configure_quic} \ + --disable-static \ + --enable-dnstap=yes \ + --with-module-dnstap=shared \ + --with-module-geoip=shared +make %{?_smp_mflags} +make html + +%install +make install DESTDIR=%{buildroot} + +# install documentation +install -d -m 0755 %{buildroot}%{_pkgdocdir}/samples +install -p -m 0644 -t %{buildroot}%{_pkgdocdir}/samples samples/*.zone* +install -p -m 0644 NEWS README.md %{buildroot}%{_pkgdocdir} +cp -av doc/_build/html %{buildroot}%{_pkgdocdir} +[ -r %{buildroot}%{_pkgdocdir}/html/index.html ] || exit 1 +rm -f %{buildroot}%{_pkgdocdir}/html/.buildinfo + +# install daemon and dbus configuration files +rm %{buildroot}%{_sysconfdir}/%{name}/* +install -p -m 0644 -D %{repodir}/samples/%{name}.sample.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf +%if 0%{?fedora} || 0%{?rhel} > 7 +install -p -m 0644 -D %{repodir}/distro/common/cz.nic.knotd.conf %{buildroot}%{_datadir}/dbus-1/system.d/cz.nic.knotd.conf +%endif + +# install 
systemd files +install -p -m 0644 -D %{repodir}/distro/common/%{name}.service %{buildroot}%{_unitdir}/%{name}.service +%if 0%{?suse_version} +ln -s service %{buildroot}/%{_sbindir}/rcknot +%endif + +# create storage dir +install -d %{buildroot}%{_sharedstatedir} +install -d -m 0770 -D %{buildroot}%{_sharedstatedir}/knot + +# remove libarchive files +find %{buildroot} -type f -name "*.la" -delete -print + +%check +V=1 make check + +%pre +getent group knot >/dev/null || groupadd -r knot +getent passwd knot >/dev/null || \ + useradd -r -g knot -d %{_sharedstatedir}/knot -s /sbin/nologin \ + -c "Knot DNS server" knot +%if 0%{?suse_version} +%service_add_pre knot.service +%endif + +%post +%if 0%{?suse_version} +%service_add_post knot.service +%else +%systemd_post knot.service +%endif + +%preun +%if 0%{?suse_version} +%service_del_preun knot.service +%else +%systemd_preun knot.service +%endif + +%postun +%if 0%{?suse_version} +%service_del_postun knot.service +%else +%systemd_postun_with_restart knot.service +%endif + +%if 0%{?fedora} || 0%{?rhel} > 7 +# https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets +%else +%post libs -p /sbin/ldconfig +%postun libs -p /sbin/ldconfig +%endif + +%files +%license COPYING +%doc %{_pkgdocdir} +%exclude %{_pkgdocdir}/html +%attr(750,root,knot) %dir %{_sysconfdir}/knot +%config(noreplace) %attr(640,root,knot) %{_sysconfdir}/knot/knot.conf +%if 0%{?fedora} || 0%{?rhel} > 7 +%config(noreplace) %attr(644,root,root) %{_datadir}/dbus-1/system.d/cz.nic.knotd.conf +%endif +%attr(770,root,knot) %dir %{_sharedstatedir}/knot +%dir %{_libdir}/knot +%dir %{_libdir}/knot/modules-* +%{_unitdir}/knot.service +%{_sbindir}/kcatalogprint +%{_sbindir}/kjournalprint +%{_sbindir}/keymgr +%{_sbindir}/knotc +%{_sbindir}/knotd +%if 0%{?suse_version} +%{_sbindir}/rcknot +%endif +%{_mandir}/man5/knot.conf.* +%{_mandir}/man8/kcatalogprint.* +%{_mandir}/man8/kjournalprint.* +%{_mandir}/man8/keymgr.* +%{_mandir}/man8/knotc.* +%{_mandir}/man8/knotd.* 
+%ghost %attr(770,root,knot) %dir %{_rundir}/knot + +%files utils +%{_bindir}/kdig +%{_bindir}/khost +%{_bindir}/knsupdate +%{_sbindir}/kxdpgun +%{_mandir}/man8/kxdpgun.* +%{_mandir}/man1/kdig.* +%{_mandir}/man1/khost.* +%{_mandir}/man1/knsupdate.* + +%files dnssecutils +%{_bindir}/knsec3hash +%{_bindir}/kzonecheck +%{_bindir}/kzonesign +%{_mandir}/man1/knsec3hash.* +%{_mandir}/man1/kzonecheck.* +%{_mandir}/man1/kzonesign.* + +%files module-dnstap +%{_libdir}/knot/modules-*/dnstap.so + +%files module-geoip +%{_libdir}/knot/modules-*/geoip.so + +%files libs +%license COPYING +%doc NEWS +%doc README.md +%{_libdir}/libdnssec.so.* +%{_libdir}/libknot.so.* +%{_libdir}/libzscanner.so.* + +%files devel +%{_includedir}/libdnssec +%{_includedir}/knot +%{_includedir}/libknot +%{_includedir}/libzscanner +%{_libdir}/libdnssec.so +%{_libdir}/libknot.so +%{_libdir}/libzscanner.so +%{_libdir}/pkgconfig/knotd.pc +%{_libdir}/pkgconfig/libdnssec.pc +%{_libdir}/pkgconfig/libknot.pc +%{_libdir}/pkgconfig/libzscanner.pc + +%files doc +%dir %{_pkgdocdir} +%doc %{_pkgdocdir}/html + +%changelog +* {{ now }} Knot DNS <knot-dns@labs.nic.cz> - {{ version }}-{{ release }} +- upstream package +- see https://www.knot-dns.cz diff --git a/distro/tests/README.md b/distro/tests/README.md new file mode 100644 index 0000000..d356db5 --- /dev/null +++ b/distro/tests/README.md @@ -0,0 +1,16 @@ +# packaging tests + +Debian autopkgtests from `distro/pkg/deb/tests` are reused here +using `apkg test` and symlinks. + +To run tests (from project root): + + apkg test + +See templated tests control: distro/tests/extra/all + +To see rendered control (from project root): + + apkg test --show-control [--distro debian-11] + +See [apkg test docs](https://pkg.labs.nic.cz/pages/apkg/test/). diff --git a/distro/tests/authoritative-server b/distro/tests/authoritative-server new file mode 100755 index 0000000..028dfbf --- /dev/null +++ b/distro/tests/authoritative-server 
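Review bot: `%define GPG_CHECK 0` at the top of distro/pkg/rpm/knot.spec means the `%if 0%{?GPG_CHECK}` blocks never run, so `gpg2 --verify %{SOURCE1} %{SOURCE0}` in `%prep` is dead code and the tarball is built without any signature check. `Source0` has no URL, so the spec appears to be fed a locally produced tarball and the setting may be intended, but then a comment next to the define should say so, e.g. `# signature check is off for locally built tarballs; set to 1 when building from a downloaded release`. The el-7 spec earlier in this diff carries the same define and needs the same comment. If the check is ever enabled, the key file named in `Source100` has to be shipped next to the spec; it is not visible in this part of the diff.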
@@ -0,0 +1,150 @@ +#!/bin/bash + +# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# 2018-11-02 +# License: GPLv3+ + +# error on exit +set -e +# for handling jobspecs: +set -m + +if [ -z "$AUTOPKGTEST_ARTIFACTS" ]; then + d="$(mktemp -d)" + remove="$d" +else + d="$AUTOPKGTEST_ARTIFACTS" +fi +ip="${TESTIP:-127.$(( $RANDOM % 256 )).$(( $RANDOM % 256 )).$(( $RANDOM % 256 ))}" +port="${PORT:-8123}" +knotc="${KNOTC:-/usr/sbin/knotc}" +knotd="${KNOTD:-/usr/sbin/knotd}" +keymgr="${KEYMGR:-/usr/sbin/keymgr}" +kdig="${KDIG:-$(command -v kdig)}" +kzonecheck="${KZONECHECK:-$(command -v kzonecheck)}" +test_address="${TEST_ADDRESS:-192.0.2.199}" + +declare -a knot_conf="--config=$d/knot.conf" +declare -a knot_args=("$knot_conf" --verbose) + +printf "%s + %s roundtrip tests\n------------\n workdir: %s\n IP addr: %s\n knot args: %s\n" "$knotd" "$kdig" "$d" "$ip" "${knot_args[*]}" + +section() { + printf "\n%s\n" "$1" + sed 's/./-/g' <<<"$1" +} + +cleanup () { + section "cleaning up" + find "$d" -ls + "${knotc}" "${knot_args[@]}" stop + wait %1 + tail -n +1 -v "$d"/*.err + if [ "$remove" ]; then + printf "\ncleaning up working directory %s\n" "$remove" + rm -rf "$remove" + fi +} +trap cleanup EXIT + +section "set up config file and zonefile" + +user=$(id -nu) +group=$(id -ng) +cat > "$d/knot.conf" <<EOF +server: + rundir: "$d" + listen: $ip@$port + user: $user:$group +database: + storage: "$d" +template: + - id: default + storage: "$d" + file: "%s.zone" +zone: + - domain: example.net + dnssec-signing: on +EOF + +cat > "$d/example.net.zone" <<EOF +@ 1D IN SOA a.ns hostmaster 2018103100 3h 15m 1w 1d +@ 1D IN NS a.ns.example.net. +@ 1D IN NS b.ns.example.net. 
+a.ns 1D IN A 192.0.2.1 +b.ns 1D IN A 192.0.2.2 +test 1D IN A $test_address +EOF + +find "$d" -maxdepth 1 -type f -print0 | xargs -0 tail -n +1 -v + +mkdir -p "${d}" + +section "kzonecheck'ing zonefile" +"${kzonecheck}" -v "$d/example.net.zone" + +section "launching knot" +"${knotd}" "${knot_args[@]}" 2> "$d/knotd.err" & + +# FIXME: this is an annoying poll -- would be better if we could be +# alerted when the daemon is done setting up the socket, but i don't +# want to "--daemonize" if i can avoid it because i want the shell to +# remain in direct supervision of all its processes +tried=0 +while [ $tried -lt 10 ] ; do + if "${knotc}" "${knot_args[@]}" status 2>&1; then + break; + fi + sleep 0.5 + tried=$(( $tried + 1 )) +done +if [ $tried -ge 10 ]; then + printf "failed to use %s\n" "${knotc}" >&2 + exit 1 +fi + +section "querying knot" +"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net +answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)" +if ! [ "$answer" = "$test_address" ]; then + printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2 + exit 1 +fi +answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)" +if ! [ "$answer2" = "" ]; then + printf "test2.example.net gave unexpected answer!\n got: %s\n" "$answer2" >&2 + exit 1 +fi + +section "modifying zone" +printf "test2 1D IN A $test_address\n" >>"$d/example.net.zone" +sed -i 's/^@ 1D IN SOA.*/@ 1D IN SOA a.ns hostmaster 2018110100 3h 15m 1w 1d/' "$d/example.net.zone" +"${knotc}" "${knot_args[@]}" reload +sleep 1 + +section "querying again" +"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net +answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)" +if ! [ "$answer" = "$test_address" ]; then + printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2 + exit 1 +fi +answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)" +if ! 
[ "$answer2" = "$test_address" ]; then + printf "test2.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer2" >&2 + exit 1 +fi + +section "querying DNSSEC" +"${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec +if ! "${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec 2>&1 | grep -q "RRSIG[[:space:]]*DNSKEY"; then + printf "DNSSEC query not successful" >&2 + exit 1 +fi + +section "listing keys with keymgr" +"${keymgr}" "$knot_conf" -e example.net. list +if ! "${keymgr}" "$knot_conf" -e example.net. list 2>&1 | grep -q "ksk=yes"; then + printf "keymgr did not list KSK as expected" >&2 + exit 1 +fi diff --git a/distro/tests/extra/all/control b/distro/tests/extra/all/control new file mode 100644 index 0000000..6f9da6b --- /dev/null +++ b/distro/tests/extra/all/control @@ -0,0 +1,10 @@ +Tests: kdig +Restrictions: skippable +{%- if distro.match('deb') %} +Depends: iputils-ping, ca-certificates +{%- elif distro.match('rpm') %} +Depends: iputils +{%- endif %} + +Tests: authoritative-server +Depends: findutils diff --git a/distro/tests/kdig b/distro/tests/kdig new file mode 100755 index 0000000..f1dbe5a --- /dev/null +++ b/distro/tests/kdig @@ -0,0 +1,14 @@ +#!/bin/bash + +set -e + +# Skip the test if no internet access +ping -c1 1.1.1.1 2>&1 || exit 77 + +expected=198.41.0.4 +answer=$(kdig +short +tls-ca @1.1.1.1 -q a.root-servers.net. -t A 2>&1 || true) + +if [ "$answer" != "$expected" ]; then + printf "expected: %s\ngot: %s\n" "$expected" "$answer" >&2 + kdig -d +tls-ca @1.1.1.1 -q a.root-servers.net. -t A +fi |
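Review bot: `remove` is assigned only in the `mktemp` branch of distro/tests/authoritative-server, so when `AUTOPKGTEST_ARTIFACTS` is set the `cleanup` trap tests whatever value `remove` has in the inherited environment and would run `rm -rf` on that path. Initialise it before the `if` with `remove=""`, so that only a directory created by this script can ever be deleted. Separately, `mkdir -p "${d}"` runs after `knot.conf` and `example.net.zone` have already been written into `$d`; it should move up to just after `d` is set.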
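Review bot: The mismatch branch in distro/tests/kdig prints the expected and received answers and reruns kdig with `-d`, but never exits non-zero, so the test's status is whatever the debug query returns and a wrong or failed DNS-over-TLS answer can still pass. Add `exit 1` after the `kdig -d +tls-ca @1.1.1.1 ...` line. Because the first query ends in `2>&1 || true`, a certificate validation failure only shows up as a mismatching `answer`, which makes that exit the only thing that can fail the test.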